Gentoo Archives: gentoo-user

From: Michael Orlitzky <michael@××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Internet security.
Date: Mon, 09 Sep 2013 02:06:07
Message-Id: 522D2D05.1000400@orlitzky.com
In Reply to: [gentoo-user] Internet security. by Dale
On 09/08/2013 09:33 PM, Dale wrote:
> Someone found this and sent it to me.
>
> http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html
>
>
> I'm not too concerned about the political aspect of this but do have to
> wonder what this means when we use sites that are supposed to be secure
> and use HTTPS. From reading that, it seems that even URLs with HTTPS
> are not secure. Is it reasonable to expect that even connections
> between say me and my bank are not really secure?
>

The CA infrastructure was never secure. It exists to transfer money away
from website owners and into the bank accounts of the CAs and browser
makers. Security may be one of their goals, but it's certainly not the
motivating one.

To avoid a tirade here, I've already written about this:

[1]
http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates.php

[2]
http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php

Warning: they're highly ranty, and mostly preach to the choir in that I
don't give a ton of background.

The tl;dr is, use a 4096-bit self-signed certificate combined with
pinning. It's not perfect, but it's as good as it gets unless you plan
to make a trip to each website's datacenter in person.
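
Added example, not part of the original message or the linked articles: a minimal client-side pin check for the self-signed-plus-pinning setup recommended above, in Python. The trust-on-first-use policy, the function names, the host name `bank.example` and the sample byte strings are assumptions made for this illustration.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Compare a presented certificate with the pin stored for host.

    Returns "first-use" (pin recorded; verify it out of band), "match",
    or "mismatch" (stored pin is kept; the connection should be refused).
    """
    seen = fingerprint(der_cert)
    pinned = pins.get(host)
    if pinned is None:
        pins[host] = seen
        return "first-use"
    return "match" if hmac.compare_digest(pinned, seen) else "mismatch"

def fetch_der_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the server's certificate without CA validation.

    The pin check replaces the CA check, so chain and hostname
    verification are switched off; the caller must run check_pin on the
    result before sending any data.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

# Constructed stand-ins for DER certificates; bank.example is hypothetical.
SAMPLE_CERT = b"constructed-der-bytes-of-pinned-self-signed-cert"
OTHER_CERT = b"constructed-der-bytes-of-a-different-cert"

def demo() -> list:
    pins = {}
    return [
        check_pin(pins, "bank.example", SAMPLE_CERT),  # pin is recorded
        check_pin(pins, "bank.example", SAMPLE_CERT),  # same cert again
        check_pin(pins, "bank.example", OTHER_CERT),   # cert has changed
        check_pin(pins, "bank.example", SAMPLE_CERT),  # pin was not overwritten
    ]
```

A "first-use" result is only as trustworthy as the network path at that moment, so the recorded fingerprint should be compared with one obtained through a separate channel.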

Replies

Subject Author
Re: [gentoo-user] Internet security. Mick <michaelkintzios@×××××.com>
Re: [gentoo-user] Internet security. Adam Carter <adamcarter3@×××××.com>
Re: [gentoo-user] Internet security. Pavel Volkov <negaipub@×××××.com>