@Shamar @sascha

In both cases he should inspect the code to make sure that there are no NSA backdoors in it. But once this is established, there's also the risk of bugs caused by genuine mistakes. In that case, it's best to use an implementation that a lot of competent people looked at.

But that's all assuming that it's a production use-case.

If @angristan wants it, e.g., for educational purposes, as-simple-as-possible would be better than battle-hardened.

@Shamar @sascha @angristan

The thing is, with crypto you often don't know you got it wrong until something really bad happens.

So I'd say, do roll your own crypto, but then don't use it for anything serious.
Your blog's HTTPS may be serious enough not to use your own crypto, and your personal server's (or even your laptop's or raspi's) SSH definitely is serious enough.

>are you going to use Let's Encrypt anyway?

yeah, what's wrong with LetsEncrypt?

@Shamar I prefer malicious ISPs not to inject ads into my blog when others view it.

Also, with the current CA model, it's enough if there's one malicious CA to create an attack.
So a situation in which you have one CA controlled by a dubious company is better than one with 100 CAs, out of which 50 are controlled by dubious companies.


You just need ONE broken on the planet, specifically just ONE private key lost without disclosure, to impersonate ANY website.

Now think about the whole world and give an estimate of how many times this happened already.

This is how secure is.

@Shamar CA certs get rotated every so often. Besides, what's the chance that Verizon and the like have such a private key? And then, what's the chance they're gonna risk burning it (as in: making people aware of it) by using it to inject ads?

The Web PKI is broken but it's still better than nothing.

And even if there weren't CAs and all certs in the world were self-signed, I'd still use HTTPS.

@Shamar @Wolf480pl That's why we have certificate transparency and cert pinning. CT is mandatory now. Subscribe to a CT monitor and you will be notified if such a thing happens.

@mimi89999 @Shamar
Also, a wider use of DANE (TLS fingerprints in DNSSEC records) would improve the situation, too.

@Shamar @mimi89999
I'm not fuckin' looking for a definitive solution. I'm looking for an incremental improvement.

If you get rid of CAs and replace them with DNSSEC, you get incremental improvement, because now there's only one SPoF instead of 100, and the rest of the entities in the trust chain are scope-limited - they can only sign stuff under their domains.

Besides, for domain-validated certs, the CA model is bullshit, because only the registrar knows if it's really your domain or not.

@Shamar @mimi89999
With DNSSEC you have a single source of truth: the registrar decides which domains you control, and you can have certs for exactly those domains.

With CAs, the registrar decides which domains you control, but then a CA has to guess or verify whether you really control that domain and whether to issue a cert.

IMO CAs make sense only for organization-validated certs, i.e. ones which say "Some Bank Inc." with a full street address.
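The "TLS fingerprints in DNSSEC records" mentioned above are DANE TLSA records (RFC 6698). The block below is an added example for this thread, not any participant's code: it builds the usual `3 1 1` record (DANE-EE, SubjectPublicKeyInfo, SHA-256) for a key, round-trips the zone-file and wire forms, and shows how a client would match the presented certificate against a set of records, skipping unusable ones. `CERT_DER` and `SPKI_DER` are constructed placeholder byte strings, not real DER; the DNS lookup and the DNSSEC validation that RFC 7671 requires before a TLSA answer means anything are out of scope, and only usage 3 is matched because usages 0 to 2 additionally need PKIX or chain validation.

```python
"""Build, serialise and match DANE TLSA records (RFC 6698) for an
end-entity certificate. Added example for this thread; not any
participant's code. CERT_DER and SPKI_DER are constructed placeholder byte
strings, not real DER. The lookup itself, and the DNSSEC validation without
which a TLSA answer proves nothing (RFC 7671), are out of scope here."""
import hashlib
import hmac
from dataclasses import dataclass

# RFC 6698 section 2.1 field values
USAGE_DANE_EE = 3          # the record directly names the end-entity cert or key
SELECTOR_CERT, SELECTOR_SPKI = 0, 1
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching_type: int
    data: bytes   # "certificate association data"

    def presentation(self, owner: str = "_443._tcp.example.com.") -> str:
        """Zone-file form, e.g. '_443._tcp.example.com. IN TLSA 3 1 1 <hex>'."""
        return f"{owner} IN TLSA {self.usage} {self.selector} {self.matching_type} {self.data.hex()}"

    def rdata(self) -> bytes:
        """Wire-format RDATA: three one-byte fields followed by the association data."""
        return bytes([self.usage, self.selector, self.matching_type]) + self.data


def parse_tlsa_presentation(text: str) -> TLSARecord:
    """Accepts either a full zone line or just 'usage selector mtype hex'."""
    fields = text.split()
    if "TLSA" in fields:
        fields = fields[fields.index("TLSA") + 1:]
    if len(fields) != 4:
        raise ValueError("expected: [owner [class]] TLSA usage selector mtype hex")
    usage, selector, mtype = (int(f) for f in fields[:3])
    return TLSARecord(usage, selector, mtype, bytes.fromhex(fields[3]))


def parse_tlsa_rdata(rdata: bytes) -> TLSARecord:
    if len(rdata) < 3:
        raise ValueError("TLSA RDATA too short")
    return TLSARecord(rdata[0], rdata[1], rdata[2], rdata[3:])


def association_data(selector: int, matching_type: int, cert_der: bytes, spki_der: bytes) -> bytes:
    """Compute what the record's data field should hold for this certificate."""
    if selector == SELECTOR_CERT:
        content = cert_der
    elif selector == SELECTOR_SPKI:
        content = spki_der
    else:
        raise ValueError(f"unknown selector {selector}")
    if matching_type == MATCH_FULL:
        return content
    if matching_type == MATCH_SHA256:
        return hashlib.sha256(content).digest()
    if matching_type == MATCH_SHA512:
        return hashlib.sha512(content).digest()
    raise ValueError(f"unknown matching type {matching_type}")


def make_dane_ee_record(spki_der: bytes) -> TLSARecord:
    """The record most operators publish: 3 1 1, SHA-256 of the SubjectPublicKeyInfo,
    which survives certificate renewal as long as the key pair is kept."""
    return TLSARecord(USAGE_DANE_EE, SELECTOR_SPKI, MATCH_SHA256, hashlib.sha256(spki_der).digest())


def dane_ee_matches(records, cert_der: bytes, spki_der: bytes) -> bool:
    """True if any usable usage-3 record matches the presented end-entity certificate.
    Usage 0/1/2 records additionally require PKIX or chain validation, which this
    example does not implement, so they are never treated as a match here."""
    for rec in records:
        if rec.usage != USAGE_DANE_EE:
            continue
        try:
            expected = association_data(rec.selector, rec.matching_type, cert_der, spki_der)
        except ValueError:
            continue  # RFC 6698 section 4.1: unusable records are skipped, not fatal
        if hmac.compare_digest(expected, rec.data):
            return True
    return False


# Constructed stand-ins for the DER bytes of a certificate and its SubjectPublicKeyInfo.
CERT_DER = b"constructed-certificate-der-placeholder"
SPKI_DER = b"constructed-subjectpublickeyinfo-placeholder"

if __name__ == "__main__":
    rec = make_dane_ee_record(SPKI_DER)
    zone_line = rec.presentation()
    print(zone_line)
    print("matches:", dane_ee_matches([parse_tlsa_presentation(zone_line)], CERT_DER, SPKI_DER))
    print("after key rotation:", dane_ee_matches([rec], CERT_DER, b"new-key-spki"))
```

For a real certificate the `3 1 1` hash is what `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256` prints; the `hmac.compare_digest` comparison is a habit rather than a requirement here, since the record data is public.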

>not expensive

ok, I see, so it either doesn't take any time or work to rewrite shitloads of code, and get thousands of people to agree on something different than what they've already agreed on, or it does take time and work, but time and work are free?

@Shamar As for stacking patches over patches - yes, it's not a good long-term strategy. But it's gonna take some time to develop a replacement, and in the meantime it's better for people to use some stopgap solution, instead of running everything over unencrypted HTTP because "we're gonna be pwned anyway, why bother".

@Shamar I'd say that MOST usecases benefit from HTTPS

@Shamar @Wolf480pl Yes. Currently it is only supported in Chrome, but that should change in the future.

I think that you are mistaken on how CT operates. CAs submit certificates to CT logs, which sign them. A certificate is required to be signed by several trusted CT logs. A malicious party would have to compromise several logs run by various companies to effectively defeat them.

@Shamar @mimi89999
Yeah but you wouldn't use HTTPS to subvert your government, silly.
There are whole classes of attackers who don't have the power to subvert a CA. To defend from them, geopolitics aren't too relevant.

And again, nobody's saying HTTPS is an ultimate solution. Just that it's slightly better than unencrypted HTTP.

Your argument is like... because wearing a jacket won't protect me from temperatures of -80 Celsius, I'm not gonna wear a jacket during winter at all.

@Shamar @mimi89999
You can support both HTTP and HTTPS at the same time, and that gets rid of the accessibility problem.

And for caching, it leaves the decision up to the user, whether they want a secure connection, or a cached one.

Also, your previous arguments are IMO more likely to make people feel hopeless and helpless because "HTTPS is broken anyway so there's no point using it, we're gonna be pwned anyway" instead of thinking critically.

@Shamar @mimi89999
But your misinformation IS misinformation.

They've subscribed to one simplistic, extreme view, and you're trying to make them think critically by what... pushing an opposite simplistic, extreme view?
The only reaction you're gonna get is "fuck you, everything you say is wrong".

>As I said, there ARE use cases for #HTTPS.

This is what you should've started with. But you only said it like 8 posts deep into the discussion.

@Shamar @mimi89999

Also, maybe instead of telling people they're wrong, you should make them figure it out on their own?
If it's THEM that come to the conclusion that e.g. disabling JS by default, or using plain HTTP in some cases, is the right thing to do, they're more likely to accept it.


Didn't say you should do nothing.
You could ask smart questions.
You could give them hints that will make them think.
But don't explicitly state something you know they cannot accept right now.

Or at least that's what I think would work, and that's what I'd try.
But I'm no expert.
Do whatever you want.
Telling people ridiculous stuff has the benefit of extending the Overton window.

The Overton Window is the range of ideas broadly accepted by society. The theory is that saying things that are outside that range has the effect of expanding the range.



@Argus @Shamar I'd say "potentially acceptable" or "not unreasonable to consider" rather than "broadly accepted", but yeah, this is what I meant.

@Shamar @Argus
Overton window is more about policy than technology.

Will nazism be acceptable? Will China-style social engineering be acceptable? Should they be acceptable?

@Shamar @mimi89999
yeah, you totally seemed like a person who says "there's no point using HTTPS at all." That's the impression I got, and I don't think I'm the only one.

You'll say that I didn't read carefully. Maybe I didn't.
And you'll say that if people don't read carefully, it's their fault. Maybe it is.

But it's you who is trying to convince people, so if your strategy works only if they read carefully, and on average they actually don't, then that's a shitty strategy.

@Shamar @Wolf480pl MITMing won't get them anywhere as SCTs are usually delivered appended to certificates using an X.509v3 extension.

Please read certificate-transparency.org/h
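Two posts above describe the mechanism: a certificate carries SCTs from several CT logs, delivered in an X.509v3 extension, and a client checks that enough distinct trusted logs have signed. The block below is an added example for this thread, not code from any participant or from the CT project: it parses the TLS-encoded SignedCertificateTimestampList from RFC 6962 (the payload wrapped by the extension's OCTET STRING) and applies an assumed "at least N distinct trusted logs" policy. The log IDs, timestamps and signature bytes are constructed placeholders, and the SCT signatures are not verified, which in a real client needs each log's public key and the TBSCertificate the SCT was issued over.

```python
"""Parse an RFC 6962 SignedCertificateTimestampList (the payload of the
X.509v3 SCT extension, OID 1.3.6.1.4.1.11129.2.4.2) and check it against a
simple "N distinct trusted logs" policy.

Added example for this thread; not code from any participant. The log IDs,
timestamps and signature bytes below are constructed placeholders, and the
signatures are NOT verified (that needs each log's public key and the
TBSCertificate the SCT was issued over)."""
import struct
from dataclasses import dataclass
from datetime import datetime, timezone

SCT_V1 = 0


@dataclass(frozen=True)
class SCT:
    version: int
    log_id: bytes          # SHA-256 of the log's public key (32 bytes)
    timestamp_ms: int      # milliseconds since the Unix epoch
    extensions: bytes
    hash_alg: int          # TLS HashAlgorithm (4 = sha256)
    sig_alg: int           # TLS SignatureAlgorithm (3 = ecdsa)
    signature: bytes

    def issued_at(self) -> datetime:
        return datetime.fromtimestamp(self.timestamp_ms / 1000, tz=timezone.utc)


def _take(buf: bytes, n: int, off: int):
    """Return buf[off:off+n] and the new offset, refusing to read past the end."""
    if off + n > len(buf):
        raise ValueError("truncated SCT data")
    return buf[off:off + n], off + n


def parse_sct(data: bytes) -> SCT:
    """Decode one SerializedSCT (RFC 6962 section 3.2)."""
    v, off = _take(data, 1, 0)
    log_id, off = _take(data, 32, off)
    ts, off = _take(data, 8, off)
    ext_len, off = _take(data, 2, off)
    extensions, off = _take(data, struct.unpack(">H", ext_len)[0], off)
    algs, off = _take(data, 2, off)
    sig_len, off = _take(data, 2, off)
    signature, off = _take(data, struct.unpack(">H", sig_len)[0], off)
    if off != len(data):
        raise ValueError("trailing bytes after SCT")
    if v[0] != SCT_V1:
        raise ValueError(f"unsupported SCT version {v[0]}")
    return SCT(v[0], log_id, struct.unpack(">Q", ts)[0], extensions, algs[0], algs[1], signature)


def parse_sct_list(data: bytes) -> list:
    """Decode a SignedCertificateTimestampList (RFC 6962 section 3.3): a 2-byte
    total length, then a sequence of 2-byte-length-prefixed SCTs."""
    total_b, off = _take(data, 2, 0)
    if struct.unpack(">H", total_b)[0] != len(data) - 2:
        raise ValueError("SCT list length does not match payload")
    scts = []
    while off < len(data):
        n_b, off = _take(data, 2, off)
        body, off = _take(data, struct.unpack(">H", n_b)[0], off)
        scts.append(parse_sct(body))
    if not scts:
        raise ValueError("empty SCT list")
    return scts


def encode_sct(log_id: bytes, timestamp_ms: int, signature: bytes, extensions: bytes = b"") -> bytes:
    """Inverse of parse_sct; used here only to build constructed sample input."""
    if len(log_id) != 32:
        raise ValueError("log_id must be 32 bytes")
    return (bytes([SCT_V1]) + log_id + struct.pack(">Q", timestamp_ms)
            + struct.pack(">H", len(extensions)) + extensions
            + bytes([4, 3])                                  # sha256, ecdsa
            + struct.pack(">H", len(signature)) + signature)


def encode_sct_list(scts) -> bytes:
    body = b"".join(struct.pack(">H", len(s)) + s for s in scts)
    return struct.pack(">H", len(body)) + body


# Constructed log IDs standing in for the SHA-256 key hashes of real logs.
LOG_ALPHA, LOG_BETA, LOG_UNKNOWN = bytes([0x11]) * 32, bytes([0x22]) * 32, bytes([0x33]) * 32
KNOWN_LOGS = {LOG_ALPHA: "Example Log Alpha (constructed)", LOG_BETA: "Example Log Beta (constructed)"}


def check_ct_policy(ext_payload: bytes, known_logs=KNOWN_LOGS, min_distinct_logs: int = 2):
    """Assumed policy: SCTs from at least `min_distinct_logs` distinct *trusted* logs.
    Real browser policies are stricter (log operator diversity, temporal shards,
    signature verification), so treat this as the skeleton of such a check."""
    scts = parse_sct_list(ext_payload)
    trusted = {s.log_id for s in scts if s.log_id in known_logs}
    return len(trusted) >= min_distinct_logs, sorted(known_logs[i] for i in trusted)


# Constructed extension payloads; signature bytes are filler, not real ECDSA.
SAMPLE_TWO_LOGS = encode_sct_list([
    encode_sct(LOG_ALPHA, 1_600_000_000_000, b"\x30\x44" + b"\x01" * 68),
    encode_sct(LOG_BETA, 1_600_000_001_000, b"\x30\x45" + b"\x02" * 69),
])
SAMPLE_SAME_LOG_TWICE = encode_sct_list([
    encode_sct(LOG_ALPHA, 1_600_000_000_000, b"\x01" * 70),
    encode_sct(LOG_ALPHA, 1_600_000_002_000, b"\x02" * 70),
])
SAMPLE_UNKNOWN_LOG = encode_sct_list([
    encode_sct(LOG_ALPHA, 1_600_000_000_000, b"\x01" * 70),
    encode_sct(LOG_UNKNOWN, 1_600_000_003_000, b"\x03" * 70),
])

if __name__ == "__main__":
    for name, payload in [("two logs", SAMPLE_TWO_LOGS),
                          ("same log twice", SAMPLE_SAME_LOG_TWICE),
                          ("one unknown log", SAMPLE_UNKNOWN_LOG)]:
        ok, logs = check_ct_policy(payload)
        print(f"{name}: policy {'PASS' if ok else 'FAIL'}, trusted logs seen: {logs}")
```

On a real certificate, `openssl x509 -in cert.pem -noout -text` prints the decoded SCTs under "CT Precertificate SCTs"; feeding this parser the TLS-encoded list that the extension's OCTET STRING wraps yields the same log IDs and timestamps. The "same log twice" and "unknown log" samples are the cases a policy check must reject: two SCTs are not two logs, and an SCT from a log the client does not trust counts for nothing.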
