[HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]
Chris Palmer
chris at noncombatant.org
Sat Oct 16 12:59:27 PDT 2010
Eitan Adler writes:
> 1) One thing to point out is that any encryption is better than none.
Security technology is only effective if the people who rely on it
understand the guarantee and can understand when the guarantee is broken.
The easiest story to tell is "You are talking to the true server and nobody
can read or manipulate what you and the server say to each other, period,
the end."
If we start fragmenting the guarantee we have to tell more stories and more
complicated stories, such as "We don't know whom you are talking to, but
unsophisticated attackers cannot passively read your communications. Anyone
in control of or near the many hops between you and what might be the true
server can fairly easily take control of your communications and then all
guarantees are gone. There would be no way to tell if that were or were not
happening. The cost of doing this attack is getting lower, but it's hard to
say exactly how low just now. You can rely on this weak guarantee for some
servers but not for other ones. Which ones? We don't know."
So, it's not that unauthenticated encryption is completely worthless
technically, because it is true that you might get some weak protection
against unsophisticated attackers.
Unauthenticated encryption is worthless because it's too hard to explain to
the people who need it.
--
http://noncombatant.org/
More information about the HTTPS-everywhere
mailing list