On Mon, Mar 17, 2014 at 09:54:47AM +0100, Thijs Kinkhorst wrote: > On Mon, March 17, 2014 03:06, Bas Wijnen wrote: > > The other option is to get a > > certificate, which costs money. Except with CAcert. > > This is not true. There are several CA services recognised by the major > browsers and thus the ca-certifcates package which offer free as in money > SSL certificates; and there are several more that offer them at very low > prices.
I looked, but didn't find them. I believe you that they exist, but there are others which shout they are free, but when you go to them that doesn't seem to be true. When I found CAcert, I gave up on those misleading companies. Given the situation (described in much more detail than I was aware of by IanG), I think CAcert is by far the best certificate authority there is, especially for an organization such as Debian. I would drop all other CAs from the list before dropping CAcert. On Sun, Mar 23, 2014 at 02:50:04AM +0100, Christoph Anton Mitterer wrote: > On Sat, 2014-03-22 at 13:42 +0000, Ivan Shmakov wrote: > > First of all, accepting some > > “random” certificates may give the users some false sense of > > security. > > This is true, and also a reason why I'm really convinced of the argument > encrypt/sign,... even if it's not trusted... I don't understand what you're saying here. > Especially the argument that the only problem one has are MitM attacks > sounds kinda stupid.... since everyone that can intercept your traffic > (which an attacker would need to be able anyway - even if all was > clear-text)... can also easily do MitM attacks... No. The basis of a man in the middle attack is that both parties talk to you and think you are the other end of the communication. They encrypt their traffic against YOUR public key, instead of the actual recipient's key. If they encrypt it with the right key, you can see the encrypted traffic but not read it. You could modify the packets, but the only effect would be that they would fail to decrypt. A certificate authority does not provide the encryption keys. It only puts signatures on them. Without any CA, you can still encrypt if you have the target's public key. The problem that a CA tries to solve is "getting the public key that actually belongs to the computer I want to connect to". An evil CA cannot read your traffic (unless they are in the path of your communication). They can only convince users that some key is really yours. And that is only useful if they are in the path of communication, so they can alter the packets. So yes, MitM attacks are the only problem that CAs are defending against, and they are also the only thing to consider when trusting a CA. Thanks, Bas
signature.asc
Description: Digital signature