| > They trust me because of personal history That does not mean that you know something about Security. > ... why should we trust you? That's exactly the point. This is INTERNET, we don't trust anyone, it's a dangerous place to do such action... but we have to, otherwise it's better to go a live up in the mountain. So, I prefer to trust Symantec/Google/DigiCert/etc... instead of some small business that does not even know the meaning of updating software or change default passwords. The chain of trust it's a burden, I know, why we should trust anyone? But there has to be some level of trust between two parties, and, if we can have a third one (Like an escrow) that can ensure that trust I think it's great. Even using asymmetric encryption you need to trust the other party's public key... A quick example of an unencrypted, cert-less network, an unsecure one with tons of vulnerabilities is the SS7 and the GPS systems... Since they cannot add Certificates to their BTS (base transceiver station) or their satellites, because of roaming technology, it's quite easy to set up an antenna an spoof them[1] and have full control over you phone and GPS[2] [1] https://julianoliver.com/output/log_2014-02-13_17-17 [2] http://permalink.lanl.gov/object/tr?what=info:lanl-repo/lare... |
That said, I am actually trying to move to a rather isolated place, and that is a perfectly valid option, so don't knock it.