On 09/09/2013 03:19 AM, Pavel Volkov wrote:
> On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky <michael@××××××××.com> wrote:
>
> The CA infrastructure was never secure. It exists to transfer money away
> from website owners and into the bank accounts of the CAs and browser
> makers. Security may be one of their goals, but it's certainly not the
> motivating one.
>
>
> Well, at least CAcert doesn't exist for money.
>

You sort of make my point for me:

    If you want to access a website that uses a SSL certificate signed by
    CAcert, you might get an SSL warning. We are sorry, but currently
    that's still 'normal' as mainstream browsers don't automatically
    include the CAcert Root Certificate yet. [1]

So, CAcert certificates don't eliminate the browser warning, which is
the only reason you would ever pay for a certificate in the first place.
But why don't browsers include CAcert?

    Traditionally vendors seeking to have their root certificates
    included in browsers (directly or via the underlying OS
    infrastructure like Safari via OS X's Keychain) would have to seek an
    expensive Webtrust audit (~$75,000 up-front plus ~$10,000 per
    year). [2]

They don't pay up! So I wouldn't include CAcert in my blanket statement,
but they're not really part of the CA infrastructure and you might as
well use a self-signed cert instead if you're gonna get a warning anyway.


> I've got a question about Gentoo in this case. If we assume that stage3
> is trusted, does portage check that mirrors are trusted?

No. There's a GLEP for some of these issues:

https://www.gentoo.org/proj/en/glep/glep-0057.html

The relevant part is,

    ...any non-Gentoo controlled rsync mirror can modify executable code;
    as much of this code is per default run as root a malicious mirror
    could compromise hundreds of systems per day - if cloaked well
    enough, such an attack could run for weeks before being noticed.



[1] http://wiki.cacert.org/FAQ/BrowserClients
[2] http://wiki.cacert.org/InclusionStatus
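The exchange above ends on the point that a malicious rsync mirror can rewrite executable code and portage does not authenticate the mirror. The following is an added example, not code from this thread and not portage's own verification code, that makes the gap concrete. It writes a constructed package directory (a fake ebuild and a patch, with a simplified Manifest2 in the `TYPE name size ALGO digest ...` line format, no GPG signature) and checks it the way a digest-only client would. The three scenarios in `demo()` show that digest checks catch a tampered file only when the attacker forgot to regenerate the Manifest; a mirror that controls both passes cleanly.

```python
import hashlib
import os
import tempfile

# Digests recorded per Manifest entry, named as they appear in Manifest2
# lines (hashlib wants the lower-cased form). Assumption: two algorithms.
HASH_ALGOS = ("SHA256", "SHA512")


def manifest_line(kind, name, data):
    """Build one Manifest2 line: TYPE name size ALGO digest [ALGO digest ...]."""
    fields = [kind, name, str(len(data))]
    for algo in HASH_ALGOS:
        fields += [algo, hashlib.new(algo.lower(), data).hexdigest()]
    return " ".join(fields)


def write_tree(root, files):
    """Write {relative_name: bytes} under root plus a Manifest describing them.

    This is the mirror's side: whoever runs it controls both the files and
    the Manifest that the client later receives over rsync.
    """
    lines = []
    for name, data in sorted(files.items()):
        path = os.path.join(root, name)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        kind = "EBUILD" if name.endswith(".ebuild") else "AUX"
        lines.append(manifest_line(kind, name, data))
    manifest = "\n".join(lines) + "\n"
    with open(os.path.join(root, "Manifest"), "w") as fh:
        fh.write(manifest)
    return manifest


def parse_manifest(text):
    """Return {name: (size, {ALGO: digest})} from Manifest2 text."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # TYPE, name, size, then one or more (ALGO, digest) pairs.
        if len(fields) < 5 or len(fields) % 2 != 1:
            raise ValueError("malformed Manifest line: %r" % line)
        name, size = fields[1], int(fields[2])
        entries[name] = (size, dict(zip(fields[3::2], fields[4::2])))
    return entries


def verify_tree(root):
    """Check every file listed in root/Manifest; return a list of problems.

    An empty list means every size and digest matched. That proves only
    that the files match the Manifest, not that either came from Gentoo:
    both arrived from the same mirror.
    """
    with open(os.path.join(root, "Manifest")) as fh:
        entries = parse_manifest(fh.read())
    problems = []
    for name, (size, digests) in entries.items():
        path = os.path.join(root, name)
        if not os.path.exists(path):
            problems.append("%s: missing" % name)
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != size:
            problems.append("%s: size %d != %d" % (name, len(data), size))
        for algo, expected in digests.items():
            if hashlib.new(algo.lower(), data).hexdigest() != expected:
                problems.append("%s: %s mismatch" % (name, algo))
    return problems


def demo():
    """Three scenarios for a client that only checks Manifest digests."""
    # Constructed sample contents; not real ebuilds.
    clean = b"# distributed by Gentoo\nsrc_install() { emake install; }\n"
    evil = b"# swapped in by a mirror\nsrc_install() { id > /root/pwned; }\n"
    patch = b"--- a/Makefile\n+++ b/Makefile\n"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        write_tree(root, {"foo-1.0.ebuild": clean, "files/foo-1.0-build.patch": patch})
        results["clean"] = verify_tree(root) == []

        # Mirror alters the ebuild but leaves the Manifest alone: caught.
        with open(os.path.join(root, "foo-1.0.ebuild"), "wb") as fh:
            fh.write(evil)
        results["tampered_file_only"] = verify_tree(root) == []

        # Mirror alters the ebuild and regenerates the Manifest: passes.
        write_tree(root, {"foo-1.0.ebuild": evil, "files/foo-1.0-build.patch": patch})
        results["tampered_file_and_manifest"] = verify_tree(root) == []
    return results


if __name__ == "__main__":
    for scenario, passed in demo().items():
        print("%-28s digest check passes: %s" % (scenario, passed))
```

The digests protect against transport corruption and against an attacker who can alter only some files, which is not the threat GLEP 57 describes. Closing the gap requires a signature over the Manifest (or over the whole tree) that the client verifies against a key it already holds from a trusted source such as the stage3, so that the mirror can no longer produce a self-consistent malicious tree.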