On Wed, Mar 02, 2011 at 10:24:49AM -0500, Marc Deslauriers wrote: > On Wed, 2011-03-02 at 17:05 +0200, Clint Byrum wrote: > > On Wed, 2011-03-02 at 08:45 -0500, Marc Deslauriers wrote: > > > On Wed, 2011-03-02 at 08:23 +0000, Hakan Koseoglu wrote: > > > > Forcing a naive system administrator to think about SSL & certificates > > > > is at least something useful. Of course there should be abilities to > > > > opt-out where SSL is not required. On the other hand, it's like saying > > > > "on secured networks SSH is not required, telnet is all you need" and > > > > I'm sure all of us would look at that sentence and mutter "insanity!". > > > > > > Please don't compare using password-protected SSH with using self-signed > > > certificates. Using passwords instead of certificates with SSH has no > > > impact on it's effectiveness against MITM attacks. Of course it's better > > > then Telnet. > > > > > > It is trivial to MITM self-signed certs, thereby countering any security > > > advantage by adding SSL. Of course, I assume that people who are > > > clicking Accept in their browser aren't validating the SSL cert > > > fingerprint, as technical SSH users are instructed to do. > > > > > > > I think you're trivializing a decent analogy, though I agree its not > > entirely the same. However, SSH carries the same fingerprint > > verification problem that makes MITM just as simple on the first > > connection. Most browser users will save the certificate and be warned > > if it changes, just like the SSH user will be warned. > > > > The main difference is that ssh would generally be used by a more > > conscientious user than a browser user. > > > > I totally agree. > > If web ssl self-signed certs were only for sysadmins who would know to > validate the fingerprint and suspect something is wrong when they get a > new browser warning, there would be a big advantage to turning it on. > > Unfortunately, that's not the case, and it's why you can't deploy > self-signed certs to end users and expect any level of security. > > Marc.
I'm not sure where I stand on the general question, but it seems to me that there is indeed a substantial middle ground, e.g. self-signed certs are useful in protecting against passive wireless attacks. It all depends on the threat model for the particular app and the state of the attack software available to casual attackers. Contrasting this with STARTTLS might also be instructive, though of course there are big differences. But last I checked (a while ago) a substantial amount of SMTP traffic was encrypted based on self-signed certificates because it was made pretty easy-to-do, though that was more likely to be used between servers than from an end user. Neal McBurnett http://neal.mcburnett.org/ -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
