On Monday, April 13, 2015 at 8:26:59 PM UTC-7, ipar...@gmail.com wrote:
> > * Less scary warnings about self-signed certificates (i.e. treat
> > HTTPS+selfsigned like we do with HTTP now, and treat HTTP like we do with
> > HTTPS+selfsigned now); the fact that self-signed HTTPS is treated as less
> > secure than HTTP is - to put this as politely and gently as possible - a
> > pile of bovine manure
>
> I am against this. Both are insecure and should be treated as such. How is
> your browser supposed to know that gmail.com is intended to serve a
> self-signed cert? It's not, and it cannot possibly know it in the general
> case. Thus it must be treated as insecure.

Except that one is encrypted, and the other is not. *By logical measure*, the one that is encrypted but unauthenticated is more secure than the one that is neither encrypted nor authenticated, and the fact that virtually every HTTPS-supporting browser assumes the precise opposite is mind-boggling.

I agree that authentication/verification is necessary for security, but to pretend that encryption is a non-factor when it's the only actual subject of this thread as presented by its creator is asinine.

> > * Support for a decentralized (blockchain-based, ala Namecoin?) certificate
> > authority
>
> No. Namecoin has so many other problems that it is not feasible.

Like? And I'm pretty sure none of those problems (if they even exist) even remotely compare to the clusterfsck that is our current CA system.

> > Basically, the current CA system is - again, to put this as gently and
> > politely as possible - fucking broken. Anything that forces the world to
> > rely on it exclusively is not a solution, but is instead just going to make
> > the problem worse.
>
> Agree that it's broken. The fact that any CA can issue a cert for any domain
> is stupid, always was and always will be. It's now starting to bite us.
>
> However, HTTPS and the CA system don't have to be tied together. Let's ditch
> the immediately insecure plain HTTP, then add ways to authenticate trusted
> certs in HTTPS by means other than our current CA system. The two problems
> are orthogonal, and trying to solve both at once will just leave us exactly
> where we are: trying to argue for a fundamentally different system.

Indeed they don't, but with the current ecosystem they are, which is my point; by deprecating HTTP *and* continuing to treat self-signed certs as literally worse than Hitler *and* relying on the current CA system exclusively for verification of certificates, we're doing nothing to actually solve anything.
As orthogonal as those problems may seem, an HTTPS-only world will fail rather spectacularly without significant reform and refactoring on the CA side of things.