SSL cert

Derek Atkins warlord at MIT.EDU
Wed Oct 15 16:27:04 EDT 2008


Quoting Graham Leggett <minfrin at sharp.fm>:

> Derek Atkins wrote:
>
>> Nope, no other purpose than to get that warning to go away when
>> people follow the HTTPS links to the server.  Personally I see nothing
>> wrong with self-signed certificates provided you save them forever.
>
> Self signed certificates are meaningless, anyone can impersonate your 
> server. The illusion that you have security is far worse than having 
> no security at all.

Bzzt.  They are not meaningless if you know how to use them correctly.
Please don't spread FUD about a perfectly reasonable technology.  :-P

>> It's no worse than the security that SSH gives you.
>
> SSH is completely different. You are expected on first connection to 
> ensure the key fingerprint is correct, and if the key changes, 
> attempts to connect will fail outright, with no option to ignore the 
> problem.

And how many people do that?  When's the last time you actually went
out of your way to verify the fingerprint of an SSH Server Key?  And
how do you do that before typing your password to the remote machine?

The whole security model of SSH is about linkability from one session
to another.  You're still subject to a man-in-the-middle attack on
the first connection.

On Firefox if you accept the self-signed cert "forever" I am FAIRLY
sure that you will be warned if the key changes.  I admit that I'm
not 100% sure that it behaves this way, but proper security engineering
would dictate that it should.  It should act much like SSH does.
If it does not, then I consider that a bug in the browser.

>> It's certainly not worth it to me to pay $15 just to help that one
>> poor soul a year who gets confused by his browser and doesn't know
>> to just accept it.  The fact that Firefox is making it harder to
>> accept self-signed certs doesn't help. :(
>
> Please don't spread this FUD around. Certificates exist for a reason, 
> and signature failure warnings should be taken seriously.

Bwahahahaha!  I'm not spreading FUD.  I've worked in the security industry
now for...  Wow, almost 20 years.  I understand the technology quite well,
what it's useful for, and what it's not useful for.  Certificates do
exist for a reason.  And yes, signature failure warnings SHOULD be
taken seriously.  Absolutely.

However self-signed certificates have a real place in the world as well.
They provide linkability across transactions without requiring
infrastructure.  When properly used they can absolutely verify to you
that you're talking to the same entity today that you were talking to
yesterday.

Admittedly they don't tell you whether or not the entity you talked to
yesterday is the "real" entity you wanted to talk to.  However that is
not always the goal.

In this particular case, here and now, the linkability is all I really
care about.

This is not FUD.  It's real security engineering tradeoffs and understanding
(or not understanding, as the case may be) the problem at hand and the
tradeoffs being made in choosing one approach over another.

Thanks for the lively discussion, but I think this is completely off topic
for the gnucash mailing lists.  Further discussion should be taken
offline, or perhaps over to the cryptography mailing list where you
can discuss it with an audience that has more of an interest than
this one.  :)

> Regards,
> Graham

-derek

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
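
The linkability model discussed in the message above, as an added Python example that is not part of the original post: a trust-on-first-use store that records a certificate's SHA-256 fingerprint on first contact and reports whether later sessions present the same certificate. PinStore, fetch_der, demo, the pins.json file name and the example.org host are assumptions made for illustration; the certificate bytes in demo() are constructed stand-ins so the example runs offline.

```python
import hashlib
import hmac
import json
import os
import ssl
import tempfile


def fetch_der(host, port=443):
    """Fetch the server certificate with no CA validation (needs network)."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))


class PinStore:
    """Remembers one SHA-256 certificate fingerprint per host:port."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    def check(self, host, port, der_cert):
        key = f"{host}:{port}"
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(key)
        if pinned is None:
            # First contact: nothing to link to, so this step is unverified.
            self.pins[key] = seen
            with open(self.path, "w") as fh:
                json.dump(self.pins, fh, indent=2)
            return "first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"  # same key as the session that set the pin
        return "mismatch"  # key changed: caller must refuse; pin is kept


def demo():
    """Three sessions plus a retry, on constructed stand-in certificate bytes."""
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "pins.json")
        # A fresh PinStore per call models separate sessions sharing one file.
        return [PinStore(path).check("example.org", 443, c)
                for c in (cert_a, cert_a, cert_b, cert_a)]


if __name__ == "__main__":
    print(demo())
```

A "mismatch" result leaves the stored pin untouched, so the original certificate still verifies afterwards; replacing a pin is a separate, deliberate action.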


