undefined | Better HN

0 pointsKarunamon10y ago0 comments

I think there are two issues being conflated here, the push to encrypt all the things, and common sense encrypting things when you're doing sensitive stuff like entering PII.

For the first use case, using HTTPS, whether it be self signed, expired, bad domain, or whatever the failure mode, is strictly better than using HTTP. It's that simple, because you're providing a layer that does not exist otherwise. Hell, at least if you're getting MITMed, it's you vs the one attacker, not you vs the government and every other kiddie with a copy of wireshark.

For the second one, we care a lot more about the authentication bit.

and an expired certificate is still invalid.

..for no good reason whatsoever. If renewing a cert required a rekey, that would be one thing, but it does not. If an attacker has compromised your private key, nothing is stopping them from going out to your CA with a fresh CSR in hand and regenning the cert themselves! The functional difference between an expired cert and a non expired one is how loud the browser whines about it - you're just as secure, identity has still been verified to the same degree. It's arbitrary and pointless and bureaucratic and causes more problems that it solves, and needs to go away.

if I'm an issuer of certificates I would expect that if I said a certificate I issued is expired, it would be treated as such.

If you're an issuer of certificates, you have a vested interest in making the process to become a competitor of yours as annoying and expensive as possible. (How'd that ~$30k WebTrust audit work out for some of the CA's recently?) You also have no differentiation in product - once you're an accepted CA, your cert is as good as VeriSign's and provides absolutely nothing that theirs does not.

What this means is that the vendors trade on fear, much like antivirus companies used to (and kind of still do) - creating this bogus perception that a signed SSL cert is anything other than a signed SSL cert depending on who you paid and how much.

0 comments

Zikes10y ago

You can get MITM'd at every single switch or router your traffic passes through, not just one attacker. That includes your government, other governments, the company running the public wifi you're connected to, your ISP, everyone.

In fact, some of them would probably do it wholesale. If PRISM doesn't already have a google.com MITM-ready certificate, they sure as hell would once we dropped the CA trust system.

> and an expired certificate is still invalid.

>..for no good reason whatsoever.

For very good reason. The certificate system is built on trust, and as soon as the expiry point is reached that certificate and the identity it represents is no longer vouched for by the CA.

KarunamonOP10y ago

I'm not advocating getting rid of the web of trust system - it has a reason to exist. What I am advocating is the burning to a smoking, lifeless crater of the current system of CAs and their mafia-like relationship with their customers. ("Gee, that's a nice website you have there, would be a shame if all your visitors got scary, misleading warnings...")

Let's Encrypt is a great first step towards that. If certs are issued by a known good actor with no perverse incentives, most of the other problems I'm complaining about completely go away, or at least become a lot less problematic, and as a nice side benefit, the Startcoms and the Verisigns of the world get to do something more productive with their time.

As to the expiration, that is a completely arbitrary and bureaucratic distinction, not a practical one. Your domain doesn't stop being owned by you and your private key doesn't lose its qualities just because the date is D+1d.

The entire concept of expiring certs could be removed from the web SSL system with no ill impact.

Look at it this way:

* If the idea was to prevent against key compromise, a rekey would be required - it isn't.

* If the idea was to re-verify your identity, renewing a cert would be more involved than logging in and pasting a CSR - it isn't. And that goes double when the cert is only for domain validation and doesn't vouch for anything other than the fact that the guy who generated the CSR had access to the server the domain points at when the cert was generated.

Both of these are practical concerns that are completely ignored - so what reasons are left?

j / k navigate · click thread line to collapse