Lucas Gonze <[email protected]> writes:

> Let's say web servers auto generated self-signed certificates for any
> domain that didn't supply its own certificate, likely one from an authority.
>
> What that would accomplish is to make the stream unreadable over the wire,
> unless the attacker was willing and able to do an MITM with their own auto
> generated self-signed certificate.
>
> It would not be hard to do that MITM, but it would be orders of magnitude
> more expensive than copying unencrypted bytes off the router. It would not
> be practical to do the MITM against a large portion of traffic. The
> attacker would have to pick their targets.
>
> Thoughts?

There's the Perspectives project for decentralized certificate verification.

--
http://utopia.partidopirata.com.ar/

--
Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
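
The thread above turns on whether a client can tell a server's own self-signed certificate from one substituted on the path. A minimal multi-vantage-point check of that kind, added here as an illustration (it is not the Perspectives project's code or protocol; the notary names, quorum value and certificate bytes are constructed assumptions):

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

def check_certificate(seen_der, notary_reports, quorum=2):
    """Compare the certificate this client was served with what independent
    observers (hypothetical "notaries") report for the same host.

    notary_reports maps notary name -> fingerprint it observed, or None if
    the notary gave no answer. Returns "consistent", "mismatch" or
    "insufficient" (too few answers to decide either way).
    """
    local = fingerprint(seen_der)
    answers = [fp for fp in notary_reports.values() if fp is not None]
    if len(answers) < quorum:
        return "insufficient"
    agreeing = sum(fp == local for fp in answers)
    return "consistent" if agreeing >= quorum else "mismatch"

# Constructed stand-ins for DER certificates; only their bytes matter here.
GENUINE = b"constructed-self-signed-cert-of-server"
ATTACKER = b"constructed-self-signed-cert-of-mitm"

def reports(view_by_notary):
    """Turn each notary's observed certificate into the fingerprint it reports."""
    return {name: (fingerprint(cert) if cert is not None else None)
            for name, cert in view_by_notary.items()}

def demo():
    names = ("notary-a", "notary-b", "notary-c")
    all_genuine = reports({n: GENUINE for n in names})
    all_attacker = reports({n: ATTACKER for n in names})
    mostly_down = reports({"notary-a": GENUINE, "notary-b": None, "notary-c": None})
    return {
        # No interception: client and notaries see the same certificate.
        "no_mitm": check_certificate(GENUINE, all_genuine),
        # Interception on the client's link: only the client sees the swap.
        "mitm_near_client": check_certificate(ATTACKER, all_genuine),
        # Interception next to the server: every path sees the swapped
        # certificate, so path diversity alone cannot flag it.
        "mitm_near_server": check_certificate(ATTACKER, all_attacker),
        # Notaries unreachable: the check must not silently pass.
        "notaries_unreachable": check_certificate(GENUINE, mostly_down),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The `mitm_near_server` case is the limit of this approach: agreement between vantage points only shows that all paths see the same certificate, not that it is the server's own.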
