Hi,

If you don’t know how work the chain of trust for the httpS

You might want to watch this video https://invidious.privacydev.net/watch?v=qXLD2UHq2vk ( if you know a better one I’m all ears )

So in my point of view this system have some huge concerns !

  1. You need to relies to a preinstalled store certificate in your system or browser… Yeah but do you know those peoples ??!! it might seem weird, but actually you should TRUST people that YOU TRUST/KNOW !!

Here an extract from the certificate store om Firefox on Windows.

I do not know ( personally ) any of those COMMERCIAL company !

  1. Of course we could use Self-certificate but this is not protecting against Man-in-the-middle_attack . Instead of using a chain (so few 3th party involved , so increasing the attack surface ! ) why not using something simpler !? like for example
  • a DNS record that hold the HASH of the public key of the certificate of the website !
  • a decentralized or federated system where the browser could check those hash ?

Really I don’t understand why we are still using a chain of trust that is

  1. not trusted
  2. increase the surface of attack
  3. super complex compare to my proposals ?

Cheers,

Why I don't use the term SSL

Because actually httpS now use TLS not anymore ssl https://en.wikipedia.org/wiki/Transport_Layer_Security

You are viewing a single thread.
View all comments View context
-2 points

Thanks for you reaction @breakingcups@lemmy.world

  1. Yes trough Dnssec, or something else ?

  2. Maybe we should go toward a blockchain ? but maybe it’s overkill ?

permalink
report
parent
reply
1 point

Just promote DANE. You could even use self-signed certificates considered as trusted because they are set in a DNSSEC-signed TLSA Resource Record for a host, protocol and port. Unfortunately, end-user software adoption is not the best currently.

permalink
report
parent
reply

Security

!security@programming.dev

Create post

A community for discussion about cybersecurity, hacking, cybersecurity news, exploits, bounties etc.

Rules :

  1. All instance-wide rules apply.
  2. Keep it totally legal.
  3. Remember the human, be civil.
  4. Be helpful, don’t be rude.

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

Community stats

  • 5

    Monthly active users

  • 73

    Posts

  • 125

    Comments

Community moderators