On Tue, Mar 25, 2014 at 11:23:02PM +0100, Christoph Anton Mitterer wrote: > On Tue, 2014-03-25 at 18:58 +0100, Bas Wijnen wrote: > > No, the point is that an attacker is detectable. > Why should he be?
Because I can store the certificate, go somewhere else, and check if my stored version is identical to the version that I receive from there. In that sense, self-signed certificates are actually more safe; they produce a new warning when the certificate changes. This is about "let's encrypt every single connection on the web". We're talking about people like me. I have a website with a CAcert certificate. I can check that my key as it is stored on my server (in my house) is the same key that I get when I visit the site from the US (if there's one place where the NSA should have no problem getting access it's there). > Well if one has to assume that they sit "in" the big internet exchange > points... this already gives them a lot... If they are in the building and can tap the wire, but not modify the packets, then an encrypted link is unreadable for them. > > But if they start to doubt, they can check if they have been attacked, > > by comparing their keys through an independent channel. > Well but that simply doesn't happen, does it? I recently did it, I'm guessing I'm not the only one. > So people must have your "doubts" by know, but nothing really changes. I'm talking about posts on Slashdot from people saying "I checked my certificate from home and from the US, and they were different, therefore 'someone is doing something naughty'". I haven't seen any of those. > > to convince people that not encrypting is better than encrypting > > with unchecked keys. > Well that's not what I said... I rather say the later is simply not > enough. Fair enough, you didn't say it was better, but you did disagree with "it's better to do crypto, even if it's anonymous and you have no idea who you're talking to". ... which leads to the conclusion that "it's not better to do crypto" in that situation (which isn't the same as "better not to", but close enough, I would think). > Well first... why is an attack only a problem if it's done at large > scale? Because the data we're talking about is approximately the definition of uninteresting. It's all the connections to people's private websites, personal chat sessions, that sort of stuff. The only way it is useful for them, is when they gather huge amounts of it and filter it. > If the NSA does this only for the Snowdens, Applebaums, etc. ... then > this is enough for them... In that case you can stop worrying. The NSA has billions of dollars at their disposal. If they really want some information, they will get it. There is no way we can prevent that, and we shouldn't waste our time on trying. Expect the NSA to always be able to read everything. It may not always be true, but who cares? We don't have the power to stop them. What remains, is a mostly unencrypted web. We should fix that. The NSA isn't the only one who wants to listen, and even if we can't stop the NSA, we can still stop most others. The only way to do that, is by making encryption easy and functional. Dropping CAs from the list is counterproductive. Especially with CAcert, which I expect to be disproportionally popular with Debian users. > I'm not saying that CAcert is secure or trustworthy (actually I wouldn't > use it for my own "security critical" services - neither would I use any > other CA not under my personal control)... but it's not less secure than > any other CA we ship. Unless you are really large (like Google or Microsoft), a CA under your personal control is useless. The point of a CA is that your visitors get the root key through an independent trusted channel. If you need to send your personal root key to all your visitors, you can as well send them the key you use for encryption. > And right now, the only thing we do is taking away the user's > possibility to retrieve root certificates in a secure way. > > We should not remove certs... we should add more, like CERN CA, TACAR > TERENA, etc. On that we agree, then. :-) Thanks, Bas
signature.asc
Description: Digital signature
