- From: Paul Libbrecht <paul@hoplahup.net>
- Date: Mon, 19 Jan 2015 13:22:12 +0100
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: "Henry S. Thompson" <ht@inf.ed.ac.uk>, Mark Nottingham <mnot@mnot.net>, Henri Sivonen <hsivonen@hsivonen.fi>, Chris Palmer <palmer@google.com>, Noah Mendelsohn <nrm@arcanedomain.com>, "Michael[tm] Smith" <mike@w3.org>, Tim Berners-Lee <timbl@w3.org>, Public TAG List <www-tag@w3.org>
On 12 déc. 2014, at 21:55, Paul Libbrecht <paul@hoplahup.net> wrote: > How do you distinguish that happening from a man-in-the-middle attack > without every site that uses TLS also adopting key pinning (and the > administrative nightmares that gives)? Anne, do you happen to talk to someone you do not know on the street? It happens to me, and I never ask for an ID card before! ;-) So the answer to your question is: I do not differentiate it from a MITM attack (probably weak UI-signs could be used, such as the fact that it's a known cert). MITM-attacks are possible but that does not mean that everyone is being attacked. That's the way http has been working and it still does. The problem with the move suggested in thread is well summarized in this sentence. > Anything but proper CA certificates is a major attack vector and if > anything we should move towards making it impossible to connect to > such sites. It is precisely this: recommendations have been expressed in such a way as it could be understood as "we should all rush to everything secure"… but there's no reason for such a rush and the smooth path to something more secure needs a decent support for self-signed-certs, I claim. Paul
Received on Monday, 19 January 2015 12:23:10 UTC