1 |
On Fri, Feb 24, 2012 at 10:43 AM, Michael Orlitzky <michael@××××××××.com> wrote: |
2 |
> On 02/24/12 02:45, Florian Philipp wrote: |
3 |
>> |
4 |
>> Let's not forget that whenever you are presented with that warning, it |
5 |
>> could also be a man-in-the-middle attack. Therefore just clicking on |
6 |
>> "Accept" on every site is about the stupidest thing you can do. |
7 |
>> |
8 |
>> I'm unsure how the warning looks when you have previously accepted a |
9 |
>> normally untrusted certificate on that site and now it is different |
10 |
>> (which could be an indication of MITM). I hope there is a big red flashy |
11 |
>> warning but I doubt it. |
12 |
>> |
13 |
> |
14 |
> Not if the certificate is "valid." |
15 |
> |
16 |
> The only sane way to handle certificates with parties you've never met |
17 |
> (i.e. every website) is the SSH method: you accept that, no matter what, |
18 |
> there's always going to be one opportunity for a man-in-the-middle |
19 |
> attack. The first time you connect, you save the remote server's |
20 |
> certificate. If it changes, freak out. |
21 |
> |
22 |
> The certificate patrol extension does this: |
23 |
> |
24 |
> http://patrol.psyced.org/ |
25 |
> |
26 |
> With it, self-signed certificates become more secure than CA-signed ones. |
27 |
|
28 |
Thanks for the link. The MultiZilla extension way back in the |
29 |
Netscape/Mozilla/Seamonkey 1.x days treated certificates like this: |
30 |
you had to approve all certs the first time, even if they were from a |
31 |
trusted CA and if it ever changed for any reason, it would refuse to |
32 |
connect unless you approved the new cert. |
33 |
|
34 |
It seems to me that's how it should *always* work, in all software |
35 |
that uses SSL certificates, but I understand wanting to keep it simple |
36 |
for non-technical users... but those are the very users most at risk, |
37 |
probably the most likely to use hostile wifi networks (in my mind, |
38 |
hostile is anything other than the router I control at my house). |
39 |
|
40 |
Additionally http://perspectives-project.org/ or |
41 |
http://convergence.io/ can help you in establishing the initial trust |
42 |
and are an attempt at eliminating the need to trust CAs at all. |