1
0
Fork 0
mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2024-12-26 18:32:10 +00:00
seirdy.one/content/notes/self-signed-cert-problems.md
Seirdy ab4b9acf0a
Fix more bad/dead links
- Got permission from some more users to use archived/cached links for
  dead posts
- found new updated links for others.
- fixed brid.gy reddit backfeed due to case issue
- some http-only sites have finally adopted TLS; update their links.
2024-05-28 00:58:16 -04:00

2.4 KiB

title date lastmod replyURI replyTitle replyType replyAuthor replyAuthorURI
Self signed certificate problems 2022-10-17T11:41:38-07:00 2022-10-17T11:41:38-07:00 https://web.archive.org/web/20230422173223/https://snowdin.town/notice/AOevybwoSx4xW4lX3w self-signatures should have been treated as something normal SocialMediaPosting Luna Saphira Dragofelis https://pleroma.envs.net/users/Ae1AG6egkhnq6UN1XM

in my opinion, self-signatures should have been treated as something normal, with a warning only triggered if the site has been visited before and the signing key has changed

Two problems with self-signed Trust On First Use (TOFU):

  1. Long-lived secrets without a revocation mechanism. Current approaches---OCSP and client-side CRL checking---all use the certificate authority (CA) system.

  2. Zero defense against TLS stripping attacks during the initial connection. You need to know the connection is authentic without taking the response at its word.

You could implement revocation with your own server, but stripping attacks make it absolutely trivial for an intermediary to compromise a connection. Your initial connection is as authentic as an HTTP site, and all subsequent connections are only as secure as your initial connection. Hostile networks are increasingly the norm, so this isn't a solid foundation.

A key-pinning system only works when backed by a separate source of trust. Examples include a CA or DNSSEC trust anchor (for DANE).

Unfortunately, HTTP Public Key Pinning never took off since admin errors could irrevocably nuke a site, and browser devs don't want DANE without pinning.

banks and other sites needing higher-than-usual trust would still use authority-signed certificates

I disagree that good security should be limited to "big important players" rather than being the default behavior. "Normal" sites often feature popular interception targets such as donation links, contact methods, log-ins, etc.

If we're going to get rid of the CA system, we should replace it first. Tor and Yggdrasil seem like interesting alternatives, though lacking domain names.