[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] TLS-"transport layer security" & LYNX

From: Mouse
Subject: Re: [Lynx-dev] TLS-"transport layer security" & LYNX
Date: Mon, 20 Aug 2018 11:41:33 -0400 (EDT)

> My grudge against HTTPS, for example, is that just looking through an
> average certificate store is an enourmous set of public keys - and it
> would seem to be impossible to keep up with who actually owns the
> private counterparts of these.  And it only takes one to be
> compromised to throw everyone's HTTPS verifications off.

Quite so.  I would be astonished if none had leaked.

But then, the whole security model was compromised the first time a
TLD-wildcard cert was issued (such as is used for "captive portal"
interposers by airlines for their in-flight wifi and the like) - or, if
you prefer, when support for them was implemented.

> But maybe one day HTTPS will be more robust, safe.

Well...maybe something derived from it will be - though I have my
doubts - but, if so, I think it won't be much like HTTPS any longer.

> Personally I think physically going to a business and being given a
> copy of their key would be good... a mix of old and new.

Yes.  Throw out the whole CA-chain model; it's fundamentally broken, by
wildcards, by lack of transparency of the root-CA list, and by being
run by businesses and therefore having (from users' point of view)
perverse incentives.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                address@hidden
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

reply via email to

[Prev in Thread] Current Thread [Next in Thread]