*All trust has failed us.*
Both the x509 (hierarchical/commercial) trust model (insecure, broken
brokers are known to exist) and the openPGP Web of Trust (WOT) trust
model (too complex, hard to use and does not map to the way humans regard
trust) suck, and Trust on first use also has its problems (mainly if the
first contact was intercepted).

*Trust is a client problem.*
It is the client that decides over trust issues, so if we want to change
the behavior we should convince the browser vendors.
Then there is the question of how to represent trust levels to the users in a
meaningful way, as even now with 'extended validation' and 'standard
validation' this is hard for users to understand, and people will just
click through boxes to get the dancing pigs in most situations.

*What we need is a multi-signal trust model.*
If we could have a scheme that would use a combination of methods (DANE,
different network views, TOFU) we would greatly improve security, if we
have a way to enforce such policies (so leave the user out). The
insurmountable? problem is to convince browser vendors to implement this
(and/or get standards amended).

sacha


On 03/14/14 18:46, Lucas Gonze wrote:
> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
> 
> What that would accomplish is to make the stream unreadable over the
> wire, unless the attacker was willing and able to do an MITM with their
> own auto generated self-signed certificate.
> 
> It would not be hard to do that MITM, but it would be orders of
> magnitude more expensive than copying unencrypted bytes off the router.
> It would not be practical to do the MITM against a large portion of
> traffic. The attacker would have to pick their targets.
> 

-- 
We are looking for new people!
https://greenhost.net/about-us/working-at-greenhost/

Greenhost - Sustainable Hosting
T: +31204890444
i...@greenhost.nl
https://greenhost.nl/

A digital signature can be attached to this e-mail;
you need OpenPGP software to verify it. See:
http://tinyurl.com/openpgp-manual

Key fingerprint = 4F15 CE56 36AB A1C2 0D81  BE10 E12B B435 F2D5 2E48
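
The multi-signal policy sketched above, as an added example that is not part of this message or of any browser: a Python evaluator that combines a DANE TLSA fingerprint match, agreement among independent network views, and a TOFU pin store into one enforced decision with no user prompt. Host names and fingerprints are constructed placeholders; the DNS lookup and the vantage-point fetches are assumed to happen elsewhere and are passed in as plain lists.

```python
from dataclasses import dataclass, field


@dataclass
class Decision:
    accept: bool
    reasons: list = field(default_factory=list)  # which signals drove the verdict


class TofuStore:
    """Remembers the first fingerprint accepted per host (in memory for this example)."""

    def __init__(self):
        self.pins = {}

    def status(self, host, fp):
        """'new' on first contact, 'match' or 'mismatch' against the stored pin."""
        pinned = self.pins.get(host)
        if pinned is None:
            return "new"
        return "match" if pinned == fp else "mismatch"

    def pin(self, host, fp):
        self.pins[host] = fp  # only called once the policy has accepted the cert


def evaluate(host, observed_fp, dane_fps, vantage_fps, store, quorum=2):
    """Combine DANE, network-view agreement and TOFU; the policy decides, not the user.

    observed_fp: fingerprint of the cert this client received.
    dane_fps:    fingerprints published in the host's TLSA records ([] if none).
    vantage_fps: fingerprints seen by independent vantage points ([] if none queried).
    """
    dane = "match" if observed_fp in dane_fps else ("mismatch" if dane_fps else "absent")
    agree = sum(1 for fp in vantage_fps if fp == observed_fp)
    tofu = store.status(host, observed_fp)
    reasons = [f"dane:{dane}", f"views:{agree}/{len(vantage_fps)}", f"tofu:{tofu}"]
    if dane == "mismatch":  # a published record contradicts the cert: hard fail
        return Decision(False, reasons)
    if dane == "match":  # strongest positive signal, also refreshes the pin
        store.pin(host, observed_fp)
        return Decision(True, reasons)
    corroborated = agree >= quorum
    if tofu == "mismatch" and not corroborated:  # pin changed, nobody else sees it
        return Decision(False, reasons)
    if tofu == "new" and vantage_fps and not corroborated:  # first contact may be intercepted
        return Decision(False, reasons)
    store.pin(host, observed_fp)  # plain TOFU, or a key change the views agree on
    return Decision(True, reasons)
```

With no DANE record and no vantage points the policy degrades to plain TOFU, which is exactly the case the message flags as weak; adding views is what catches an intercepted first contact.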

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.
