In both cases he should inspect the code to make sure that there are no NSA backdoors in it. But once this is established, there's also the risk of bugs caused by genuine mistakes. In that case, it's best to use an implementation that a lot of competent people looked at.
But that's all assuming that it's a production use-case.
If @angristan wants it e.g. for educational purposes, as-simple-as-possible would be better than battle-hardened.
The thing is, with crypto you often don't know you got it wrong until something really bad happens.
So I'd say, do roll your own crypto, but then don't use it for anything serious.
Your blog's HTTPS may be serious enough not to use your own crypto, and your personal server's (or even your laptop's or raspi's) SSH definitely is serious enough.
>are you going to use Let's Encrypt anyway?
yeah, what's wrong with Let's Encrypt?
@Shamar CA certs get rotated every so often. Besides, what's the chance that Verizon and the like have such a private key? And then, what's the chance they're gonna risk burning it (as in: making people aware of it) by using it to inject ads?
The Web PKI is broken but it's still better than nothing.
And even if there weren't CAs and all certs in the world were self-signed, I'd still use HTTPS.
If you get rid of CAs and replace them with DNSSEC, you get incremental improvement, because now there's only one SPoF instead of 100, and the rest of the entities in the trust chain are scope-limited - they can only sign stuff under their domains.
Besides, for domain-validated certs, the CA model is bullshit, because only the registrar knows if it's really your domain or not.
With CAs, the registrar decides which domains you control, but then a CA has to guess or verify whether you really control that domain and whether to issue a cert.
IMO CAs make sense only for organization-validated certs, i.e. ones which say "Some Bank Inc." with a full suing address.
@Shamar >WITHOUT CHANGING A SINGLE WIRE
ok, I see, so it either doesn't take any time or work to rewrite shitloads of code, and get thousands of people to agree on something different than what they've already agreed on, or it does take time and work, but time and work are free?
@Shamar As for stacking patches over patches - yes, it's not a good long-term strategy. But it's gonna take some time to develop a replacement, and in the meantime it's better for people to use some stopgap solution, instead of running everything over unencrypted HTTP because "we're gonna be pwned anyway, why bother".
@Shamar I'd say that MOST usecases benefit from HTTPS
I think that you are mistaken on how CT operates. CAs submit certificates to CT logs that are signing them. A certificate is required to be signed by several trusted CT logs. A malicious party would have to compromise several logs run by various companies to effectively defeat them.
Yeah but you wouldn't use HTTPS to subvert your government, silly.
There are whole classes of attackers who don't have the power to subvert a CA. To defend from them, geopolitics aren't too relevant.
And again, nobody's saying HTTPS is an ultimate solution. Just that it's slightly better than unencrypted HTTP.
Your argument is like... because wearing a jacket won't protect me from temperatures of -80 Celsius, I'm not gonna wear a jacket during winter at all.
And for caching, it leaves the decision up to the user, whether they want a secure connection, or a cached one.
Also, your previous arguments are IMO more likely to make people feel hopeless and helpless because "HTTPS is broken anyway so there's no point using it, we're gonna be pwned anyway" instead of thinking critically.
They've subscribed to one simplistic, extreme view, and you're trying to make them think critically by what... pushing an opposite simplistic, extreme view?
The only reaction you're gonna get is "fuck you, everything you say is wrong".
>As I said, there ARE use cases for #HTTPS.
This is what you should've started with. But you only said it like 8 posts deep into the discussion.
Didn't say you should do nothing.
You could ask smart questions.
You could give them hints that will make them think.
But don't explicitly state something you know they cannot accept right now.
Or at least that's what I think would work, and that's what I'd try.
But I'm no expert.
Do whatever you want.
Telling people ridiculous stuff has the benefit of extending the Overton window.
The Overton Window is the range of ideas broadly accepted by society. The theory is that saying things that are outside that range has the effect of expanding the range.
You'll say that I didn't read carefully. Maybe I didn't.
And you'll say that if people don't read carefully, it's their fault. Maybe it is.
But it's you who is trying to convince people, so if your strategy works only if they read carefully, and on average they actually don't, then that's a shitty strategy.