From: | Michael Orlitzky <michael@××××××××.com>
---|---
To: | gentoo-user@l.g.o
Subject: | Re: [gentoo-user] Internet security.
Date: | Mon, 09 Sep 2013 02:06:07
Message-Id: | 522D2D05.1000400@orlitzky.com
In Reply to: | [gentoo-user] Internet security. by Dale

On 09/08/2013 09:33 PM, Dale wrote:
> Someone found this and sent it to me.
>
> http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html
>
>
> I'm not too concerned about the political aspect of this but do have to
> wonder what this means when we use sites that are supposed to be secure
> and use HTTPS. From reading that, it seems that even URLs with HTTPS
> are not secure. Is it reasonable to expect that even connections
> between say me and my bank are not really secure?
>

The CA infrastructure was never secure. It exists to transfer money away
from website owners and into the bank accounts of the CAs and browser
makers. Security may be one of their goals, but it's certainly not the
motivating one.

To avoid a tirade here, I've already written about this:

[1]
http://michael.orlitzky.com/articles/in_defense_of_self-signed_certificates.php

[2]
http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php

Warning: they're highly ranty, and mostly preach to the choir in that I
don't give a ton of background.

The tl;dr is, use a 4096-bit self-signed certificate combined with
pinning. It's not perfect, but it's as good as it gets unless you plan
to make a trip to each website's datacenter in person.
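
An added example, not part of the original message: one way a client could implement the pinning the message recommends, assuming trust-on-first-use pinning of the SHA-256 fingerprint of the whole DER-encoded certificate. The names `check_pin`, `connect_pinned` and `PinMismatch` are hypothetical, and the byte strings in the demo are constructed stand-ins for certificates.

```python
import hashlib
import hmac
import socket
import ssl


class PinMismatch(Exception):
    """The server presented a certificate other than the pinned one."""


def fingerprint(der_cert: bytes) -> str:
    # SHA-256 over the DER encoding identifies one exact certificate.
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(pins: dict, host: str, der_cert: bytes) -> str:
    """Return 'pinned' on first contact, then 'match' or 'mismatch'."""
    seen = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        # Assumption: trust on first use. The first certificate is accepted
        # unverified, so compare it out of band when that is possible.
        pins[host] = seen
        return "pinned"
    return "match" if hmac.compare_digest(known, seen) else "mismatch"


def connect_pinned(host: str, pins: dict, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS socket whose trust comes from the pin, not from a CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # self-signed: no CA chain to verify
    sock = socket.create_connection((host, port), timeout=5.0)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    # Check the pin on this connection, before any application data is sent.
    if check_pin(pins, host, tls.getpeercert(binary_form=True)) == "mismatch":
        tls.close()
        raise PinMismatch(host)
    return tls


if __name__ == "__main__":
    pins = {}  # constructed demo: byte strings stand in for DER certificates
    for cert in (b"cert-A", b"cert-A", b"cert-B"):
        print(check_pin(pins, "bank.example", cert))
```

A mismatch also occurs when the site legitimately replaces its certificate, so the pin store needs a deliberate, separately verified update path rather than an automatic overwrite.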