by teraflop
3854 days ago
Telling the browser to accept all self-signed certificates is a bad idea, because it's no more difficult for an attacker to create one of those than the legitimate domain owner. Let's Encrypt has at least two huge immediate benefits:

1) It does challenge-response domain validation from an external server. It's not enough for an attacker to intercept and modify traffic between the client and server -- they also have to control the route between the server and LE. This isn't an infallible check but it dramatically raises the difficulty of an attack, especially if the check is done from multiple independent locations.

2) LE supports Certificate Transparency, which means they verifiably log all certificates that they issue to multiple third-party observatories. Even if an attacker can bypass domain validation, they can't actually get a certificate without immediately making it obvious that they've done so, giving the server operator the chance to revoke the certificate and investigate (if they're paying attention).
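What "verifiably log" means in Certificate Transparency, as an added example that is not part of the comment above: a log is a Merkle tree (RFC 6962), and a short audit path proves that a certificate is included under the tree root the log has published. The log entries below are constructed placeholders, and raw byte strings stand in for the real `MerkleTreeLeaf` encoding.

```python
import hashlib

def _sha(b): return hashlib.sha256(b).digest()
def leaf_hash(entry): return _sha(b"\x00" + entry)       # RFC 6962 leaf prefix
def node_hash(left, right): return _sha(b"\x01" + left + right)  # interior prefix

def _split(n):
    """Largest power of two strictly less than n (n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def tree_root(entries):
    """Merkle Tree Hash over the ordered log entries (log side)."""
    if not entries:
        return _sha(b"")
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(tree_root(entries[:k]), tree_root(entries[k:]))

def audit_path(m, entries):
    """Sibling hashes from leaf m up to the root (log side)."""
    if len(entries) == 1:
        return []
    k = _split(len(entries))
    if m < k:
        return audit_path(m, entries[:k]) + [tree_root(entries[k:])]
    return audit_path(m - k, entries[k:]) + [tree_root(entries[:k])]

def _root_from_path(m, n, leaf, path):
    if n == 1:
        if path:
            raise ValueError("proof too long")
        return leaf
    if not path:
        raise ValueError("proof too short")
    k = _split(n)
    if m < k:
        return node_hash(_root_from_path(m, k, leaf, path[:-1]), path[-1])
    return node_hash(path[-1], _root_from_path(m - k, n - k, leaf, path[:-1]))

def verify_inclusion(entry, m, n, path, published_root):
    """Auditor side: needs only the entry, its index, tree size, path and root."""
    try:
        return 0 <= m < n and _root_from_path(m, n, leaf_hash(entry), path) == published_root
    except ValueError:
        return False

# Constructed sample log of five entries (placeholders, not real certificates).
LOG = [b"cert:a.example", b"cert:b.example", b"cert:c.example",
       b"cert:shop.example", b"cert:mail.example"]
```

An auditor who holds only the published root can confirm that `cert:shop.example` at index 3 is in the log, and a certificate that was never logged fails the same check.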
This reminds me of the situation with email where if a user has not purchased a domain name, then it is nearly impossible for the user to send or receive email without a third party "email provider".
Will encryption become the same? If at least one endpoint has not signed up with some third party (e.g., letsencrypt) _and_ purchased a domain name, then it becomes nearly impossible for two endpoints to encrypt traffic between them?
Will we ever again allow users to be fully empowered, _without the involvement of third party endpoints_ (CAs, domain registrars, etc.), to send email, encrypt traffic, and all the other basic things one can do with a computer and an internet connection? Is it unfathomable that two parties connected to the internet might actually know and/or trust each other already, without involvement of a third party interloper?
Those are meant to be yes or no questions, or perhaps rhetorical ones. No need to provide rationale. :)