|
|
|
|
|
|
by Jasper_
3854 days ago
|
|
|
TLS is a system designed to support both authentication and encryption. Losing authentication is actually a pretty big deal, so of course browsers won't do it. Encryption without authentication isn't really a good idea, because you can trivially MITM someone, serve them your certificate for google.com, open up a connection to google.com yourself, and it's now effectively as good as plain-text. The security community was really upset with SuperFish and the recent Dell eRoot for the same reason -- you effectively lost accurate authentication, making it pretty easy to degrade someone's connection to plain-text. |
|
|
This assumes the user is relying on certificates for authentication. Certificates that are likely tied to domain names.
What if the user authenticates by another means? SSH keys, real life meeting and exchange of keys, keys printed on paper and sent in the postal mail, etc. No domain name involved.
There are other ways to authenticate an endpoints besides domain names and certificates.
It's possible to have encryption without authentication.
It's also possible to have each of encryption and authentication handled by a different program. What we have now are programs that try to do both, and may do a very bad job of one at the expense of the other. These programs provide a false sense of "security".
The fundamental question: Are domain names easier to MITM than IP addresses?