by Karunamon 4083 days ago
Rant mode:

If I understand right, getting a replacement cert doesn't result in a change of the private key anyways.

It's just magically, on the expiration date, your cert is somehow insecure and we must treat it as if YOU ARE IN DANGER!! - even though it's still better than the plain HTTP that everyone uses every single goddamned day. Hell, a self signed cert is better than plain HTTP, yet for some backwards-ass reason we treat it as worse, despite the fact it makes you immune from passive eavesdropping and any injection attacks, which the average person is a lot more likely to run into than a self-signed cert being used by an attacker to MITM you.

CAs are a scam and a racket. I can't wait for Mozilla's Let's Encrypt[1] to come along and put them all out of business, hopefully before the last decade or so of training users to ignore the wolf-crying cert warnings comes to fruition.

Yeah, this is irresponsible on Manjaro's part, they know the rules of the game, but the game is broken!

[1] http://letsencrypt.org


A "passive eavesdropper" has all the information they need to become an active man-in-the-middle. Observe the DNS query on its way out and send your own response with your IP before the real response comes back. The client will then make its TCP connection to that injected IP.
> send your own response with your IP before the real response comes back

Being able to inject traffic is not "passive".

The DNS response doesn't have to come from the same channel as the original request. If you've got an ISP that doesn't check the source IP of what you're sending, your target's endpoint will see your fake response and treat it as the real one.

Where we stand now, the only thing stopping an eavesdropper from becoming a man-in-the-middle is the will and resources of that eavesdropper.

Yup - but there's still a difference. Someone might just want to snoop on your traffic rather than mess with it.
Self-signed can be worse because by the same token it can be MITM'd by another self-signed cert. It would create the false illusion of security, which could lead people to provide information they otherwise would not have.
With all due respect, how is that worse than HTTP? Plain HTTP can be MITMed just as well, except that no one would do that because for HTTP, plain old packet sniffing is enough to eavesdrop on a connection. Which doesn't work for self-signed HTTPS connections. And there are in fact a lot of common scenarios where it is easy for an attacker to sniff packets but harder to establish an MITM.
Because you'd never put your credit card into an HTTP web site, but you would on HTTPS.

Your argument about MITM being uncommon is moot because it's not impossible and is only rare because the current system is the way that it is. Changing the system would change the attackers' methods.

Worse in the sense that you expect an HTTPS connection to be secure, while you don't (or shouldn't!) expect an HTTP connection to be.
Then treat a self signed HTTPS cert as equivalent to an unsecured HTTP connection and be done with it.

There's absolutely no reason that the most common failure modes (expiration, bare domain vs www., self signed) present warnings that Something Fishy Is Going On®, when 9999/10000 times, there is not.

Smoke coming from my neighbor's yard in the summer might be a fire, but in all likelihood, they're running a barbecue grill. The SSL equivalent would be calling the fire department every time someone puts some steaks on.

You can't treat a self-signed HTTPS cert as equivalent, because it has "https" in the URL, which people use to distinguish a safe connection from an unsafe one.
In a graphical browser as used by most people? Sure you can. Chrome's method of striking out the https bit and turning it red is quite evocative.

What I take issue with here is the "HOLY CRAP, STOP EVERYTHING!" nature of the warnings as thrown by browsers nowadays. The severity of the warning is not proportional to the likelihood of there being something actually wrong, hence crying wolf. ("Yes, I know this is a self signed cert, because it's mine, now screw off and load the page I asked you to, thanks.") IMAO, there is zero reason for an expired certificate to throw this kind of warning.

And there's an argument that there's a good reason for that, but that reason ignores the fact that users have been steadily conditioned to click past the warnings, and most of the time, to no ill effect.

Apparently enough people fail to make the connection that there are plans to apply the same thing to plain http connections sometime in the near future.