Richard Laager wrote:
Their certificates could easily have been swapped out by
a MITM attack.
Whoa, you're pushing my buttons! Curiosity strikes,
have you any *empirical* evidence of this?
I hold out hope that we'll see MITMs reach reality in
HTTP systems before their decade is out, but others
have given up. It's 2004, 10 years almost since SSL
was mooted, and we are yet to see an empirical case
made against the humble MITM.
Now, if you have a trusted out-of-band channel where
you obtained the certificate or its fingerprint, then add the
certificate to your browser's trusted store. Otherwise, exercising
trust in the certificate is pointless because you're not sure of its
origin. As I said before, in this scenario, HTTPS is effectively
reduced in security to HTTP.
That's a stretch. It is based on logical possibilities,
not real life risks. For an example, look at SSH, which
happily secures a squillion sysadmin connections without
any 3rd party certs.
My prediction - SSH will take over SSL in the next 10
years, and so will opportunistic encryption.
The trust in a normal HTTPS situation flows like this:
User -> Computer Vendor -> OS Vendor -> Bundled Browser (optionally
- -> signed browser upgrades from [Alternate] Browser Vendor) -> Root
CAs (optionally -> intermediate CAs) -> Site Operator & Site
Certificate -> HTTPS Session
The trust in a normal HTTPS-enabled scenario seems to
lose thusly: scammer sends spoof email claiming things
of great import -> user clicks on recommended site ->
user sees standard site -> user enters details -> scammer
scores details -> and raids account.
Maybe it's just the fact that I lurk in places where trust
is *necessary* as there be hard money but there be no Reg
Alphabet Soup (I speak here of digital gold currencies).
There, it's pretty much the case that the Certificate stuff
is ... so far from the issue of security and trust that some
DGCs don't even use them to protect their (hard) multi-kilo-
gram transactions.
Stop making excuses. Commercial certification authorities and the
X.509 hierarchical structure make it easy for the non-technical
masses to use HTTPS.
ADH would work just as well, and at no cost. Economically,
it's a slam dunk. There is approximately zero risk of an
MITM, so one should spend approximately zero dollars, or
grams, to defend against. Self-signed certs would also
work well, and are also compatible with the current
architecture.
Due to capitalism, the CAs make money providing their service.
That would be a .... very interesting thread!
This thread is off-topic so I will refrain from any further response.
Dragging it back to OpenPGP - and I agree we are way
off threat - OpenPGP's strength is that, to the limited
extent that it does, it delivers some small basis in
trust architectures.
iang