* Michael Ströder:

> Florian Weimer wrote:
>> Even if you've got the certificate, you need to attack IP routing or
>> DNS. If you can do that, chances are that you can mount this attack
>> against one of the domain-validating RAs, and still receive a
>> certificate. So the browser PKI is currently irrelevant for practical
>> purposes (beyond CA revenues and giving users a warm, fuzzy feeling),
>> even if everybody follows established RA procedures.
>
> Oh Florian, come on! You know the MITM techniques within a LAN very
> well.

BCP 38 requires that active MITM attacks don't work on LANs. LANs which violate that and are under attack are typically not very usable: Search engines block you due to automated queries, DHCP and DNS deliver data which is not 100% accurate (with unknown consequences), you receive even more web ads than usual, rogue PPPoE servers sniff your credentials, and so on. In short, I don't think this is the use case to optimize for.

> So I take your comment simply as a provocation saying that
> maintaining a cert store with pre-trusted root CA certs is not
> worth the effort at all.

But that's also not entirely true. If you can't get rid of CAs which are snake oil because they add no value beyond suppressing the browser warning, the certificate store serves little purpose beyond CA revenue generation and improving user experience (the latter isn't a bad thing per se, actually security and perceived security are both important).

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto