Mozilla boots alleged snoop troupe from its root cert coop: UAE-based DarkMatter thrown onto CA blocklist

DrXym

Re: And it all goes to show...

And you obviously didn't read very far because I addressed the point of Man in the Middle.

An SSL Observatory (I called it Lighthouse by mistake previously) exists that checks the cert you see against a centralized database built by other visitors and warns the user if the cert you see is different to the cert someone else sees. This could prevent MITM attacks. And any site with reason to fear such an attack could sign its cert with a CA or a web of trust - other points I addressed.

The point being that CA signing is a shakedown. The "trust" is to make the scary box in the browser and its binary security model go away, little else.

A self-signed cert is better than plaintext. A self-signed cert coupled with such a service integrated into a browser is better yet, a web of trust better yet. Maybe if you're a bank or retailer you'll pay the 000s for the CA for a signature that means something. Otherwise it means very little.
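The observatory-style check the comment describes, as an added example that is not part of the post and not the code of the EFF SSL Observatory or of any browser. It assumes a simple model: each observer reports the SHA-256 fingerprint of the leaf certificate it received for a host, and a client compares its own fingerprint against what others have recorded. The `Observatory` class, its `check` verdicts, the `min_observers` threshold and all certificate byte strings are constructed for illustration.

```python
"""
Observatory-style certificate consistency check (added illustration).

Model: observers report the DER-encoded leaf certificate they received for a
host; a client asks whether the certificate it sees agrees with what others
see. Disagreement with a well-attested certificate is flagged as a possible
man-in-the-middle. Certificate bytes below are constructed sample data,
not real X.509 certificates.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


@dataclass
class Observatory:
    # host -> {fingerprint -> number of independent observers reporting it}
    records: dict = field(default_factory=dict)

    def report(self, host: str, der_cert: bytes) -> None:
        """Record that one observer received this certificate for host."""
        fp = fingerprint(der_cert)
        seen = self.records.setdefault(host, {})
        seen[fp] = seen.get(fp, 0) + 1

    def check(self, host: str, der_cert: bytes, min_observers: int = 3) -> str:
        """
        Compare the certificate a client received with the observatory record.

        Returns one of:
          'first-seen'   no observer has recorded a cert for this host (TOFU)
          'consistent'   the same cert has been reported by other observers
          'unconfirmed'  others report a different cert, but too few of them
                         to treat their view as authoritative
          'mismatch'     a different cert is well attested by others; the
                         client may be talking to an interposed party, or the
                         site may have rotated its certificate
        """
        fp = fingerprint(der_cert)
        seen = self.records.get(host, {})
        if not seen:
            return "first-seen"
        if fp in seen:
            return "consistent"
        # A single dissenting report could itself come from an attacked
        # observer, so only alarm when the competing cert is widely seen.
        if max(seen.values()) >= min_observers:
            return "mismatch"
        return "unconfirmed"


def demo() -> dict:
    """Run the three interesting cases on constructed data and return verdicts."""
    obs = Observatory()
    legit = b"constructed-DER-bytes: legitimate cert for example.test"
    other = b"constructed-DER-bytes: different cert for example.test"

    # Three independent observers have all seen the legitimate certificate.
    for _ in range(3):
        obs.report("example.test", legit)
    # One lone observer reports something different for a second host.
    obs.report("lonely.test", other)

    return {
        "same_cert": obs.check("example.test", legit),
        "different_cert": obs.check("example.test", other),
        "unknown_host": obs.check("nobody.test", legit),
        "weakly_attested": obs.check("lonely.test", legit),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The `mismatch` verdict is deliberately not labelled "attack": a routine certificate rotation produces exactly the same signal until enough observers have reported the new certificate, which is why a browser integration of this idea needs a threshold like `min_observers` and a way to age out stale records rather than a hard block on every disagreement.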
