undefined | Better HN

0 pointsmidasuni4y ago0 comments

The concern about http over https is that a bad actor can intercept and change traffic.

If you allow self signed certificates, anyone who can MITM traffic can masquerade your site just like with http

Self signed does however stop passive fibre taps - to intercept you need to MITM.

There then the “remember this cert” option. If I visit www.selfsigned.com on a secure network, my browser remembers the certificate. If I then travel to another network with a MITM, my browser can flag up a warning. This is how SSH works.

However I’m not too concerned by SSL certificates as a centralised point - my browser trusts dozens, probably more than 100, root certificates. That’s not centralisation.

0 comments

immibis4y ago

Self-signed certs should be no scarier than unencrypted connections. If self-signed certs are allowed then you can have a case for banning unencrypted connections - the way Mozilla tried to do in the past, but they didn't allow self-signed certs.

If we're not going to show interstitial warning pages for HTTP-not-S sites, so you can't see if it's HTTPS without checking the address bar, then a red open padlock and a red strike through the "https" seems sufficient for self-signed HTTPS sites. Some indication is needed, otherwise you'd see the "https" and think it was secure, but the indication shouldn't be scarier than HTTP-not-S!

mistrial94y ago

this seems to be a well-known list of trusted Certificate Authorities

https://ccadb-public.secure.force.com/mozilla/CAInformationR...