by bpatrianakos 4199 days ago
Yes! I have 4 sites that I bought an SSL certificate for out of around 20 that run. If browsers wouldn't throw a warning for self-signed certificates every last one of my sites would have been secured from the start, easy. The only thing separating a self signed cert from one obtained from a CA is that the CA has some of your contact info but even then it wouldn't take a whole lot of effort to bypass their checks.
3 comments

     The only thing separating a self signed cert
     from one obtained from a CA is that the CA
     has some of your contact info
Most CA certs are domain validated these days, which means you have to demonstrate control of the domain to get the cert.

    it wouldn't take a whole lot of effort to
    bypass their checks
It's pretty hard. If you get a CA to issue you a cert for a website you have no control over, that's newsworthy and would get serious scrutiny put on that CA.

The CA system as it is isn't good, because we have to trust so many different CAs for it to work, but if CAs were widely issuing certs to the wrong parties we'd hear about it more.

Uh, also the fact that in a MITM situation I can trivially replace your self-signed cert with my own self-signed cert.
Which you cannot do on a plain-text connection?

A non-plaintext connection is still more secure than a plaintext connection, so it shouldn't ever get a worse warning than a plain-text connection.

If browsers want to treat it the same as plaintext (no warning but also no lock icon) I think that makes sense. Aside from the false sense of security, I agree that it is better than plaintext.
Not with certificate pinning.
That's a very weak security solution. In some situations it's better than not using HTTPS at all, but not by a lot.
Why is it "very weak"?

It's substantially stronger than ordinary certificate authorities without certificate pinning in many ways. (Namely, an entity out of your control (a certificate authority) being compromised / exploited / coerced doesn't also compromise you.)

The weak point is at initial connection (i.e. before you have the certificate pinned, or if the certificate changes legitimately and you have no way of confirming that fact). However, even in this case it is no worse than without pinning.

(I wish that HTTPS had a certificate-passing mechanism. I.e. if the given certificate doesn't match the pinned one you contact a site that you have the certificate for already and ask it to give you the certificate it believes is for the site. Do this for the same website with multiple sites and you'll have a good idea if someone is not trying to MITM you. You'd have to have rate limiting, etc, etc, but it would in many ways solve this problem. Unfortunately, it's something that would have to be built into the protocol, or else it would be blocked often enough to not be useful. (ICMP and firewalls, for example))
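An added example, not part of the thread: a trust-on-first-use pin store with the multi-vantage cross-check the comment above wishes for, showing where a bare pin is blind (first contact, legitimate rotation) and how agreement from independent observers settles both cases. The `notaries` callables, the quorum value, the host name and the byte strings standing in for certificates are all assumptions made for illustration.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate's DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()

def check_pin(pins: dict, host: str, cert_der: bytes, notaries=(), quorum=2) -> str:
    """Return a verdict for the certificate `host` just presented.

    notaries: hypothetical callables host -> fingerprint, each reporting the
    certificate it sees for `host` from a different network path.
    """
    seen = fingerprint(cert_der)
    pinned = pins.get(host)
    if pinned == seen:
        return "match"
    if notaries:
        # First contact or changed cert: ask the other vantage points.
        agree = sum(1 for ask in notaries if ask(host) == seen)
        if agree < quorum:
            return "reject"
        pins[host] = seen
        return "pinned" if pinned is None else "rotated"
    if pinned is None:
        # Plain TOFU: nothing to compare against, so whatever arrives is pinned.
        pins[host] = seen
        return "pinned-unverified"
    return "mismatch"

def demo():
    # Constructed byte strings standing in for DER-encoded certificates.
    real, renewed, other = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-X"
    served = {"example.test": real}  # what the notaries observe
    notaries = [lambda h: fingerprint(served[h])] * 3
    host, pins, out = "example.test", {}, []
    out.append(check_pin(pins, host, other))              # blind first use pins the wrong cert
    pins.clear()
    out.append(check_pin(pins, host, other, notaries))    # same first contact, cross-checked
    out.append(check_pin(pins, host, real, notaries))     # first contact, confirmed
    out.append(check_pin(pins, host, real))               # later visit
    out.append(check_pin(pins, host, other))              # substituted cert, pin catches it
    served[host] = renewed
    out.append(check_pin(pins, host, renewed, notaries))  # legitimate rotation, confirmed
    return out

if __name__ == "__main__":
    print(demo())
```
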

In the extremely common case of visiting a site for the first time on a new device or user agent, it provides almost no security at all. There are other problems, but that's a pretty big one.
...and the CA one actually protects you from MITM attacks (assuming your machine doesn't have nasty root certificates installed).
You mean nasty root certificates like VeriSign and GoDaddy, which the NSA frequently uses for MitM?

You should do the same to those certificates that you did to TURKTRUST, just throw the US CAs out.

    VeriSign and GoDaddy, which the NSA frequently uses for MitM?
Link?
Snowden, 2013?
Actual link? I don't remember reading this in any of the leaked documents and I can't find it now, though I could have missed it.