| 1 |
On 09/09/2013 03:19 AM, Pavel Volkov wrote: |
| 2 |
> On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky <michael@××××××××.com |
| 3 |
> <mailto:michael@××××××××.com>> wrote: |
| 4 |
> |
| 5 |
> The CA infrastructure was never secure. It exists to transfer money away |
| 6 |
> from website owners and into the bank accounts of the CAs and browser |
| 7 |
> makers. Security may be one of their goals, but it's certainly not the |
| 8 |
> motivating one. |
| 9 |
> |
| 10 |
> |
| 11 |
> Well, at least CAcert doesn't exist for money. |
| 12 |
> |
| 13 |
|
| 14 |
You sort of make my point for me: |
| 15 |
|
| 16 |
If you want to access a website that uses a SSL certificate signed by |
| 17 |
CAcert, you might get an SSL warning. We are sorry, but currently |
| 18 |
that's still 'normal' as mainstream browsers don't automatically |
| 19 |
include the CAcert Root Certificate yet. [1] |
| 20 |
|
| 21 |
So, CACert certificates don't eliminate the browser warning, which is |
| 22 |
the only reason you would ever pay for a certificate in the first place. |
| 23 |
But why don't browsers include CACert? |
| 24 |
|
| 25 |
Traditionally vendors seeking to have their root certificates |
| 26 |
included in browsers (directly or via the underlying OS |
| 27 |
infrastructure like Safari via OS X's Keychain) would have to seek an |
| 28 |
expensive Webtrust audit (~$75,000 up-front plus ~$10,000 per |
| 29 |
year). [2] |
| 30 |
|
| 31 |
They don't pay up! So I wouldn't include CACert in my blanket statement, |
| 32 |
but they're not really part of the CA infrastructure and you might as |
| 33 |
well use a self-signed cert instead if you're gonna get a warning anyway. |
| 34 |
|
| 35 |
|
| 36 |
> I've got a question about Gentoo in this case. If we assume that stage3 |
| 37 |
> is trusted, does portage check that mirrors are trusted? |
| 38 |
|
| 39 |
No. There's a GLEP for some of these issues: |
| 40 |
|
| 41 |
https://www.gentoo.org/proj/en/glep/glep-0057.html |
| 42 |
|
| 43 |
The relevant part is, |
| 44 |
|
| 45 |
...any non-Gentoo controlled rsync mirror can modify executable code; |
| 46 |
as much of this code is per default run as root a malicious mirror |
| 47 |
could compromise hundreds of systems per day - if cloaked well |
| 48 |
enough, such an attack could run for weeks before being noticed. |
| 49 |
|
| 50 |
|
| 51 |
|
| 52 |
[1] http://wiki.cacert.org/FAQ/BrowserClients |
| 53 |
[2] http://wiki.cacert.org/InclusionStatus |
Archives