[HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]

Eitan Adler lists at eitanadler.com
Sun Oct 17 10:41:33 PDT 2010


On Sat, Oct 16, 2010 at 3:59 PM, Chris Palmer <chris at noncombatant.org> wrote:
> Eitan Adler writes:
>
>> 1) One thing to point out is that any encryption is better than none.
>
> Security technology is only effective if the people who rely on it
> understand the guarantee and can understand when the guarantee is broken.
>
> The easiest story to tell is "You are talking to the true server and nobody
> can read or manipulate what you and the server say to each other, period,
> the end."

But this isn't the true story.

The correct story is "You are most likely talking to the server that
___ certify is really the one you want to some degree of
mathematical certainty". And the story changes based on whether you
use 2048 or 4096 bits and which algorithm is used to generate the key.

You are right that opportunistic encryption does not provide the same
degree of certainty that checking certificates does. However no
security is perfect and using opportunistic encryption raises the bar
for an attacker.

Given the number of false negs with bad certificates I tend to rely on
TOFU/POP security anyways.

It's silly to not provide some sort of security because it won't stop
/all/ attacks.

> Unauthenticated encryption is worthless because it's too hard to explain to
> the people who need it.

Good security does not require explanation to the users. You do not
need to explain to users that yes, the browser is trying to help you
defeat the most common type of attack. Keep it transparent - don't
display a lock, don't make the address bar blue/green/whatever. Just
get the encryption.

>
> So, it's not that unauthenticated encryption is completely worthless
> technically, because it is true that you might get some weak protection
> against unsophisticated attackers.

Which are the most common types of attackers. Most of the time
attackers attack the lowest apple because there are so many of them.
If you are just a little harder to attack you will survive the
majority of attacks.

> This is why I suggested it as a configuration option.

As did I.

> It just can't be the default (though we can do things like detect if
> Perspectives is installed and then enable all rules automatically).

I never asked for it to be the default.

-- 
Eitan Adler


