Ask HN: Aren't self-signed certificates preferable to unencrypted connections?
But isn't that better than nothing? Even if my blog has a self-signed certificate and you can't say for sure that 'this blog is run by so-and-so', isn't that better than a wholly unencrypted connection? SSL seems to be used for two purposes, namely encrypted connections and validating the remote server, but surely encrypted connections alone are a sufficient benefit? And yet, if all I want to do is have a secure channel, I have to (theoretically) pay a certificate issuer yearly to prove that I am who I am, as if encryption requires I prove my identity.
It would make a great deal more sense to me to treat self-signed certificates the same way we treat HTTP sites: give no notification to the user whatsoever, unless they go looking for it. Browsers could also have a 'strict mode' enforcing the current behaviour (require authentication) for environments or users which prefer it.
The major problem I see here is that sites where you do want to guarantee certificates (e.g. Facebook.com, google.com, bank of america, etc) would be difficult to guarantee that you were connecting to the correct site, since MITM attacks against your SSL connection would be treated like HTTP connections and the browser would let them proceed as if nothing was wrong. I'm not sure if there are tangible ways around that, but it feels worth looking into.
12 comments
[ 2.9 ms ] story [ 39.7 ms ] threadIt appears that users have been conditioned to look out for at least that little lock symbol, so devaluing it now would throw a lot of user training down the drain and give phishers fresh wind.
I've just seen the false sense of security argument backfire. I remember a sysadmin performing a "security upgrade" by converting a self-signed HTTPS server into an unencrypted HTTP server. The users were quite happy that their data was far more secure than it was under the old regime with the scary warnings, despite the fact that they were now being sent completely in the clear.
(I'm in that group)
If an attacker is in a position to read unencrypted traffic, they MIGHT be in a position to inject DNS responses, or otherwise intercept traffic. If they can do that, they can generate a new self-signed certificate, MITM, which effectively disabled encryption (without making the user aware).
I will say, I feel like it is "unfair" that browsers give you an error page for self-signed but don't for regular HTTP. Why not just show a self-signed HTTPS page identically to how you would show a HTTP page (insecure, no padlock, etc). Also do mixed content warnings as if self-signed is insecure/HTTP.
An alternative which exists, which a lot of people ignore, is instead of doing self-signed generate your own CA and then sign your own certificate. You can install the CA in the root CA store on the OS and then you won't be using a "self-signed" certificate, you will be using a fully signed certificate with all of the security that that comes with (assuming you keep your root CA offline/safe).
PS - It took me many years to come to the realisation that self-signed encryption is effectively no encryption. You just really have to come at it from the "Starbucks insecure WiFi" perspective. Once you think of it like that, self-signed is too trivial to MITM and thus the encryption can be undetectably circumvented.
A self-signed HTTPS connection declares itself to be somehow secure, but demonstrably isn't.
So why not declare both equally insecure (which is true)?
You say it is "just not true" (that browsers declare them secure/insecure) and then go on to say "users are trained to look for HTTP security indicators" (exposed by the browsers).
So I'm quite confused about what it is you think I said which is "not true." Since you obviously do agree that browsers declare things secure or not.
Your example about credit cards is entirely non sequitur. It doesn't follow what you said before nor make sense in the context.
I can only suspect you misread something earlier in this conversation as your replies are quite confusing.
We have a situation currently where encrypted transport is tied to an SSL cert, which in nearly all cases is tied to a cost (because of the CA identity issue). Therefore SSL isn't prevalent enough.
I'd like to have SSL on my personal blog and my webmail, but I don't want to pay for a couple of hundred dollars for a wildcard subdomain cert that lasts one year.
The NSA stuff shows that we need to switch to a secure transport. It's the only way to hinder the dragnetting.