Re: [Lynx-dev] TLS-"transport layer security" & LYNX
From: Mouse
Subject: Re: [Lynx-dev] TLS-"transport layer security" & LYNX
Date: Mon, 20 Aug 2018 11:41:33 -0400 (EDT)

> My grudge against HTTPS, for example, is that just looking through an
> average certificate store is an enormous set of public keys - and it
> would seem to be impossible to keep up with who actually owns the
> private counterparts of these. And it only takes one to be
> compromised to throw everyone's HTTPS verifications off.

Quite so. I would be astonished if none had leaked.
But then, the whole security model was compromised the first time a
TLD-wildcard cert was issued (such as is used for "captive portal"
interposers by airlines for their in-flight wifi and the like) - or, if
you prefer, when support for them was implemented.

> But maybe one day HTTPS will be more robust, safe.

Well...maybe something derived from it will be - though I have my
doubts - but, if so, I think it won't be much like HTTPS any longer.

> Personally I think physically going to a business and being given a
> copy of their key would be good... a mix of old and new.

Yes. Throw out the whole CA-chain model; it's fundamentally broken, by
wildcards, by lack of transparency of the root-CA list, and by being
run by businesses and therefore having (from users' point of view)
perverse incentives.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML address@hidden
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B