| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by yellowapple 4085 days ago

> I disagree. There's a significant amount of security we gain from collectively using the CA system over self signed certificates.

You're actually losing security by trusting the CA model, though. You have no means of control or independent audit. This is the same reasoning behind free-and-open-source software being inherently more secure and trustworthy than their closed-source counterparts; "transparency is a dependency of trust" is just as applicable here as it is in any other security-sensitive situation.

This is why decentralization is absolutely essential, and the longer we go on sitting on our haunches and pretending that the current system is "good enough", the worse the problem becomes.

> If a CA is subverted my browser or OS vendor can pull the CA or the CA, if trustworthy, can revoke the certificates.

That trustworthiness is a very big if.

> In a scenario without CAs, I visit example.com and my browser vendor has no idea that I'm being MitM'd nor do I since I've never been to example.com and examined the certificate.

There are numerous ways to achieve certificate verification without relying on a centralized CA system. Even with self-signed, you can detect private key changes (this is how SSH is protected against MITM attacks; in practice, this rather-simple security measure has been very hard to circumvent). For more verification, there are plenty of ways to achieve that in a decentralized manner, be it web-of-trust (PGP-style) or a cryptographic ledger (Namecoin-style) or something else entirely. Hell, there are already systems like DNSChain that implement the latter approach; that would be infinitely better than the current system.

> But to suggest that the security benefits

What security benefits? All the purported "benefits" are entirely fictional, since they rely exclusively on arbitrary trust in arbitrary entities. That's not security, no more than me handing you a briefcase full of cash and you promising you'll hold onto it for me is "security".

The sense of security you feel with the current CA system is very much false. You're relying enirely on luck, and have absolutely zero assurance that your luck will continue to be good.