Hacker Poesy

Conversation:

Notices

  1. Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer)'s status on Friday, 06-Sep-2013 04:14:52 EDT
    • sazius
    With a self-signed cert you can't be sure of the absolute identity of the cert holder (so maybe a Man In The Middle), but at least you can be sure it's the *same* MITM every time.
    Friday, 06-Sep-2013 04:14:52 EDT from sn.jonkman.ca permalink
    • Joshua Judson Rosen (rozzin)'s status on Friday, 06-Sep-2013 10:08:47 EDT
      • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
      @bobjonkman, there are ways of ensuring that there is no MITM with self-signed #crypto certs. You just need a trustworthy way of doing the initial cert-exchange, like in-person or via a trusted courier (which is what the certificate-authorities are supposed to be).
      Friday, 06-Sep-2013 10:08:47 EDT permalink
      mcscx and lnxw37 (lnxwalt on quitter) like this.
    • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer)'s status on Saturday, 07-Sep-2013 06:52:49 EDT
      • Joshua Judson Rosen
      If the initial cert-exchange isn't trusted, but a sufficient number of trusted signers have verified the validity of the certificate, then that certificate can still be trusted. Same Web Of Trust principle as GnuPG. Sadly, browsers (& some distros) do not include WoT-based root certificates, e.g. CAcert.
      Saturday, 07-Sep-2013 06:52:49 EDT permalink
    • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca (bobjonkmanformer)'s status on Saturday, 07-Sep-2013 07:20:28 EDT
      I never understood the trust relationship between commercial Certificate Authorities and their clients. Do the clients pay lots of money to the CAs because they trust the CAs? Or do the clients trust the CAs because they pay them lots of money?
      Saturday, 07-Sep-2013 07:20:28 EDT permalink
    • Joshua Judson Rosen (rozzin)'s status on Saturday, 07-Sep-2013 12:33:22 EDT
      • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
      I think we pay CAs because we think we will be able to trust them if we pay them.
      Saturday, 07-Sep-2013 12:33:22 EDT permalink
    • Joshua Judson Rosen (rozzin)'s status on Saturday, 07-Sep-2013 12:38:09 EDT
      • Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
      @bobjonkman, luckily you don't need the browser to ship with #web-of-trust certs for you to trust them and have them provide you the same security as a CA that your browser-vendor has trusted on your behalf; but...
      Saturday, 07-Sep-2013 12:38:09 EDT permalink


Hacker Poesy is a GNU social hub. It runs version 1.1.3-beta3, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Hacker Poesy content and data are available under the Creative Commons Attribution 3.0 license.
