I'd rather not spend hundreds on a wildcard cert, or thousands on an EV cert, plus the costs in setting it up, until I'm sure the model is actually sound. Trusting CNNIC, no DNSSEC, etc., show that Mozilla and Google aren't taking this very seriously. It's more a dog and pony show at this point with encryption.
Plus I'm still cognizant of the bullet I dodged by not having OpenSSL on my server back when Heartbleed hit.
> I'd rather not spend hundreds on a wildcard cert, or thousands on an EV cert, plus the costs in setting it up, until I'm sure the model is actually sound.
I'm 100% sure the model isn't sound.
I'm also 100% sure that a model which includes unencrypted HTTP will never be sound. The cert problem is a fixable problem, but it's not fixable while unencrypted HTTP exists.
> The cert problem is a fixable problem, but it's not fixable while unencrypted HTTP exists.
Sure it is. Whether or not HTTP exists has zero bearing on solutions to the cert problem; the cert problem is independent of the unencrypted problem (whereas the unencrypted problem is dependent on the cert problem, since the cert problem is precisely why the unencrypted problem currently exists).
It's really not a chicken/egg problem. We solve the easy problem first, then the hard one. I'm not yet sure there's actually a good solution to the cert problem.
There is one solution I can think of, but it involves equating URLs with identities via a Namecoin-like system, and that technology just isn't there yet.
No. It's only chicken and egg because we needlessly conflated two very distinct problems a few decades ago.
Problem 1: isolate the communication between myself and whatever other party is actually sending me a message. Easily solved by encryption. (You're being MITM'd? That sucks. But you have now at least isolated the communication to you and the attacker. The problem domain just shrunk quite a bit.)
Problem 2: verify that the other party is who she claims to be. Not easy to solve but a completely separate problem from Problem 1.
We could solve Problem 1 tomorrow (modulo the time it takes to upgrade every browser/mail client/etc.) by simply encrypting all traffic, period, and not doing any authentication whatsoever. We would then be exactly where we are right now in terms of having a PKI system with all of its advantages and faults, but we would then have the amazing bonus feature of preventing all passive attacks, period.
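As an added illustration of the Problem 1 / Problem 2 split drawn in the comment above (this is not code from anyone in the thread): an unauthenticated Diffie-Hellman exchange gives two parties a key that a passive recorder cannot derive, yet an active attacker who swaps in her own public values ends up holding a key with each side and reads everything in the middle. It uses only the Python standard library; the 2048-bit group is the real MODP group 14 from RFC 3526, while the party names, the sample message and the toy XOR cipher are assumptions made for the demonstration.

```python
"""Problem 1 without Problem 2: unauthenticated Diffie-Hellman.

Added example for the distinction drawn above; not code from anyone in the
thread. Standard library only. The group is the 2048-bit MODP group from
RFC 3526 (a real constant); the names Alice, Bob, Eve and Mallory, the
sample message and the toy XOR cipher are assumptions for the demonstration.
"""
import hashlib
import secrets

# RFC 3526, group 14: p is a 2048-bit safe prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
MESSAGE = b"constructed sample message: the meeting is at noon"  # constructed


def dh_keypair():
    """Fresh private exponent and the public value g^x mod p that goes on the wire."""
    x = secrets.randbits(256)
    return x, pow(G, x, P)


def dh_shared_key(priv, peer_pub):
    """g^(xy) mod p, hashed down to a 32-byte symmetric key."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def xor_stream(key, data):
    """Toy symmetric cipher: XOR with a SHA-256(key || counter) keystream.
    The same call encrypts and decrypts. Demonstration only: no integrity, one-shot key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def passive_eavesdrop(message=MESSAGE):
    """Problem 1 solved: Eve records the whole exchange and still has no key.

    Returns (keys_agree, what_bob_decrypts, eve_transcript). Eve's transcript
    holds only the two public values and the ciphertext; without a private
    exponent none of it yields the key."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    k_alice = dh_shared_key(a_priv, b_pub)
    k_bob = dh_shared_key(b_priv, a_pub)
    ciphertext = xor_stream(k_alice, message)
    eve_transcript = {"A": a_pub, "B": b_pub, "ciphertext": ciphertext}
    return k_alice == k_bob, xor_stream(k_bob, ciphertext), eve_transcript


def active_mitm(message=MESSAGE):
    """Problem 2 unsolved: nothing binds a public value to a party, so Mallory
    swaps in her own. Alice shares a key with Mallory, Bob shares a different
    key with Mallory, and Mallory re-encrypts in the middle. Both endpoints see
    the protocol succeed; the conversation is isolated to Alice, Bob and Mallory.

    Returns (what_mallory_reads, what_bob_decrypts, alice_and_bob_keys_differ)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    m_to_alice_priv, m_to_alice_pub = dh_keypair()  # replaces Bob's value on Alice's leg
    m_to_bob_priv, m_to_bob_pub = dh_keypair()      # replaces Alice's value on Bob's leg

    k_alice = dh_shared_key(a_priv, m_to_alice_pub)        # Alice believes this is Bob
    k_mallory_alice = dh_shared_key(m_to_alice_priv, a_pub)
    k_bob = dh_shared_key(b_priv, m_to_bob_pub)            # Bob believes this is Alice
    k_mallory_bob = dh_shared_key(m_to_bob_priv, b_pub)

    ciphertext = xor_stream(k_alice, message)
    mallory_reads = xor_stream(k_mallory_alice, ciphertext)   # plaintext, in the middle
    forwarded = xor_stream(k_mallory_bob, mallory_reads)      # re-encrypted for Bob
    return mallory_reads, xor_stream(k_bob, forwarded), k_alice != k_bob


if __name__ == "__main__":
    agree, plaintext, transcript = passive_eavesdrop()
    print("passive: keys agree =", agree, "| Eve sees only", sorted(transcript))
    read, delivered, differ = active_mitm()
    print("active : Mallory read =", read == MESSAGE, "| Bob got it =", delivered == MESSAGE)
```

The passive case is what "encrypt everything, authenticate nothing" buys: the recorded transcript contains public values and ciphertext only. The active case is the residual Problem 2: nothing in the exchange lets Alice tell Bob's public value from Mallory's, which is exactly the gap a certificate (or any other binding of key to identity) exists to close.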