undefined | Better HN

0 pointswyager4y ago0 comments

I'm not sure I feel great about gating feature A behind completely unrelated feature B just because manufacturers like feature B. Even if feature B is concretely pretty good (which is debatable for https as it exists now), this seems bad on principle.

0 comments

jorl174y ago

I'm interested: why do you think it is debatable if HTTPS is "concretely pretty good" as it exists now?

Nextgrid4y ago

It's not always necessary. Think fully offline networks that can't/won't use a CA anyway, or networks where physical/machine access is the intended layer of security (a web server running on localhost).

In these scenarios a self-signed certificate will rarely improve security because most users will click through the warning anyway in case of an MITM attack.

unqueued4y ago

Users should not have to rely on the network being isolated for security.

Even when I have an offline network, I still use SSH whenever possible.

Yes, I don't benefit from initial verification, but I pin the certificate from then on.

I don't think that the current "all or nothing" paradigm that we use with SSL in browsers makes any sense.

I have been really disappointed over the last few years deploying network connected devices and trying to make their services available in a secure way.

It is not really possible for ipcams, routers, etc to offer services in HTTPS in a semi-online network. There should be a kind of 'encrypted but unverified' mode.

Even the worst failure mode is no worse than a plaintext connection.

1 more reply

pornel4y ago

Browsers make an exception for localhost and treat it as a secure context.

It's also possible to get a certificate from a CA using any public IP address, and then reuse that cert for LAN. Certs are bound to domain names, not IP addresses.

1 more reply

judge20204y ago

If it helps, it really doesn’t care what certificate the page it signed with, whether that be localhost, Mozilla CA participants, or maybe even a future CA fork for Russia if that happens. Plaintext HTTP is just not advisable even on a private network when some inline network device like LAN turtle could be passively exfiltrating traffic.

bhawks4y ago

The browser security model is trivially defeated without the usage of https. IT is not an orthogonal or unrelated feature.

Making all new API development available only when content is delivered via a mechanism that provides the foundation for the rest of web security is good engineering practice.

j / k navigate · click thread line to collapse

0 comments

jorl174y ago

I'm interested: why do you think it is debatable if HTTPS is "concretely pretty good" as it exists now?

Nextgrid4y ago

In these scenarios a self-signed certificate will rarely improve security because most users will click through the warning anyway in case of an MITM attack.

unqueued4y ago

Users should not have to rely on the network being isolated for security.

Even when I have an offline network, I still use SSH whenever possible.

Yes, I don't benefit from initial verification, but I pin the certificate from then on.

I don't think that the current "all or nothing" paradigm that we use with SSL in browsers makes any sense.

I have been really disappointed over the last few years deploying network connected devices and trying to make their services available in a secure way.

It is not really possible for ipcams, routers, etc to offer services in HTTPS in a semi-online network. There should be a kind of 'encrypted but unverified' mode.

Even the worst failure mode is no worse than a plaintext connection.

1 more reply

pornel4y ago

Browsers make an exception for localhost and treat it as a secure context.

It's also possible to get a certificate from a CA using any public IP address, and then reuse that cert for LAN. Certs are bound to domain names, not IP addresses.

1 more reply

judge20204y ago

bhawks4y ago

The browser security model is trivially defeated without the usage of https. IT is not an orthogonal or unrelated feature.

Making all new API development available only when content is delivered via a mechanism that provides the foundation for the rest of web security is good engineering practice.

j / k navigate · click thread line to collapse