On Thu, Aug 31, 2017 at 02:45:03PM +0200, hiro wrote:
> > I agree or just a simple HTTPS browser bookmark. I think that's better on
> > many levels, for example otherwise someone can also spoof a plain HTTP
> > redirect.
>
> Browser distributors had the chance to implement something like this,
> plus client side certificate pinning, but they fucked it up.
>

I agree, still I think it's a good thing to provide TLS optionally. Another
idea would be to also add support for Tor hidden services, this is trivial
to add.

> Now we have something much worse: letsencrypt and this completely
> insecure http redirection snake-oil.
>

These are 2 different issues and HTTP redirection is optional.

> With letsencrypt you now have to put extra work (can't keep track of
> all the individual subdomains either, wildcards are suddenly a
> security risk?!), and nobody bothers to quantify the amount of gained
> security.
>

Renewing certificates is much easier with LetsEncrypt. All subdomains of
suckless are known. There are too many subdomains though imho.

Wildcard implementations can be a security risk since they are more
complicated. An example was a wildcard certificate that is NUL terminated
and some CAs and browsers accepted a wildcard for ALL domains (in a
nutshell). See the legendary talk: More Tricks For Defeating SSL by Moxie
Marlinspike
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

Though LetsEncrypt announced it will likely support wildcard domains in
January 2018.
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

> Instead of having to trust garbeam I now have to trust third persons
> (i can't even count them), because it's too much work for garbeam to
> just make a certificate that my browser will think is ok.
>

That's bullshit, the difference is the certificate is signed by a CA. It's
up to you to decide to trust and use it anyway.

> That's why I wonder why you have put all this effort to begin with.
> Who are you trying to protect who isn't already gonna use the Ubuntu
> pgp-signed packages?

The Ubuntu package maintainers have to fetch the sources in a trusted way.
I agree this is not solved with HTTPS. That's why the sources could be PGP
signed as well (just an idea atm).

> The people who manage to write code and compile
> it and contribute back who already have the sshd public key trusted in
> their .ssh folder?
>

Yes, but that's the minority unfortunately.

As usual you're not offering any solutions. But you were more constructive
than usual. Are you feeling well, hiro?

-- 
Kind regards,
Hiltjo
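The NUL-terminated certificate name problem mentioned in the message above comes down to how a verifier compares the hostname against the name in the certificate. The following is an added example, not code from the thread or from suckless: it places a naive matcher that behaves like a C implementation working on NUL-terminated strings next to a length-aware matcher that applies the RFC 6125 wildcard rules. All names in it are constructed for the demonstration; they are not real certificates.

```python
"""Hostname matching for TLS certificate names.

Added example, not part of the mailing-list thread. It contrasts a naive,
C-string style comparison (which silently truncates at the first NUL byte)
with a length-aware matcher that follows the RFC 6125 rules for DNS-ID
values. All sample names below are constructed.
"""

# Constructed sample: a certificate name with an embedded NUL byte. A
# verifier that stops at the NUL sees only "www.example.test".
NUL_PREFIX_NAME = "www.example.test\x00.attacker.example"


def naive_match(hostname: str, cert_name: str) -> bool:
    """Mimic a verifier that treats the certificate name as a NUL-terminated
    C string: everything after the first NUL byte is dropped, and a leading
    "*." is matched with a plain suffix comparison (which also lets the
    wildcard span several labels)."""
    truncated = cert_name.split("\x00", 1)[0]
    if truncated.startswith("*."):
        return hostname.lower().endswith(truncated[1:].lower())
    return hostname.lower() == truncated.lower()


def strict_match(hostname: str, cert_name: str) -> bool:
    """Length-aware matcher following the RFC 6125 rules for DNS-ID values:
    - embedded NUL bytes are rejected outright (not a valid DNS name)
    - at most one wildcard, and only as the complete left-most label
    - the wildcard matches exactly one non-empty label, never a dot
    - a wildcard needs at least two labels after it (no "*.test")
    """
    if "\x00" in cert_name or "\x00" in hostname:
        return False
    host_labels = hostname.lower().rstrip(".").split(".")
    cert_labels = cert_name.lower().rstrip(".").split(".")
    if any(label == "" for label in host_labels + cert_labels):
        return False
    if "*" not in cert_name:
        return host_labels == cert_labels
    if cert_name.count("*") != 1 or cert_labels[0] != "*":
        return False
    if len(cert_labels) < 3:
        return False
    # The wildcard stands in for exactly one label, so the label counts must
    # agree and every label after the wildcard must match exactly.
    return len(host_labels) == len(cert_labels) and host_labels[1:] == cert_labels[1:]


def compare(hostname: str, cert_name: str) -> dict:
    """Run both matchers on one pair so the difference is visible at a glance."""
    return {
        "hostname": hostname,
        "cert_name": cert_name.replace("\x00", "\\x00"),
        "naive": naive_match(hostname, cert_name),
        "strict": strict_match(hostname, cert_name),
    }


if __name__ == "__main__":
    for host, name in [
        ("www.example.test", NUL_PREFIX_NAME),
        ("www.example.test", "*.example.test"),
        ("a.b.example.test", "*.example.test"),
        ("www.example.test", "*.test"),
    ]:
        print(compare(host, name))
```

The first pair is the interesting one: the naive matcher accepts the constructed NUL-prefixed name for `www.example.test`, the strict matcher rejects it. The third and fourth pairs show the other wildcard pitfalls the message alludes to (a wildcard spanning several labels, and a wildcard directly under a top-level label), which the naive suffix comparison also gets wrong.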