SSL by default for all packaged web apps?

Neal McBurnett neal at bcn.boulder.co.us
Thu Mar 3 21:27:19 UTC 2011


On Thu, Mar 03, 2011 at 10:03:28PM +0100, Soren Hansen wrote:
> 2011/3/3 Neal McBurnett <neal at bcn.boulder.co.us>:
> > Contrasting this with STARTTLS might also be instructive, though of
> > course there are big differences.  But last I checked (a while ago) a
> > substantial amount of SMTP traffic was encrypted based on self-signed
> > certificates because it was made pretty easy-to-do, though that was
> > more likely to be used between servers than from an end user.
> 
> SMTP over SSL is incredibly odd. SMTP is a communication protocol used
> between servers. It's unattended. There's no-one to verify the SSL cert
> of the remote party manually, so it has to be done automatically. You
> have two options: 1) Require CA validated certs, or 2) accept any SSL cert.
> 
> Because using self-signed certs is so incredibly pervasive, option 1) would
> basically render you unable to speak SMTP/SSL to anyone, and 2), which
> is the default, means MitM attacks are the easiest thing in the world,
> yet people seem perfectly content with this.

Yup.  So do we have any results of this experiment in easy deployment
of self-signed certs?  Are the costs worth the risks?

What are the costs?  Has it been much harder to deploy?

What are the benefits?  Is there any evidence that much snooping has
been prevented?

How about the remaining risks?  Are many MITM attacks being performed?

How about lost-opportunity costs?  Has it slowed folks from moving to
harder/better forms of encryption, e.g. end-to-end via S/MIME or PGP?

Does anyone know?

Neal McBurnett                 http://neal.mcburnett.org/
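
An added example, not part of the thread: one way to get numbers for the questions above on your own mail server is to count how outbound STARTTLS sessions were authenticated. It assumes a Postfix MTA logging with smtp_tls_loglevel = 1; the log lines, host names and addresses are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample in the format Postfix's SMTP client logs (assumed MTA).
SAMPLE_LOG = """\
Mar  3 21:01:02 mx1 postfix/smtp[2101]: Untrusted TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar  3 21:01:40 mx1 postfix/smtp[2102]: Untrusted TLS connection established to mail.example.net[192.0.2.10]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Mar  3 21:02:11 mx1 postfix/smtp[2103]: Verified TLS connection established to mx.example.com[198.51.100.7]:25: TLSv1 with cipher AES256-SHA (256/256 bits)
Mar  3 21:02:30 mx1 postfix/smtpd[2200]: Anonymous TLS connection established from client.example.net[192.0.2.44]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Mar  3 21:03:05 mx1 postfix/smtp[2104]: Untrusted TLS connection established to smtp.example.org[203.0.113.5]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar  3 21:03:09 mx1 postfix/smtp[2105]: Anonymous TLS connection established to relay.example.edu[203.0.113.9]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Mar  3 21:03:10 mx1 postfix/smtp[2105]: 4F2A1B0C: to=<user@example.edu>, relay=relay.example.edu[203.0.113.9]:25, status=sent (250 OK)
"""

# Outbound (smtp client) sessions only; inbound smtpd lines are ignored.
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (Anonymous|Untrusted|Trusted|Verified) "
    r"TLS connection established to ([^\[\s]+)\["
)

# Would the session have survived option 1), "require CA validated certs"?
# Anonymous: no certificate at all. Untrusted: certificate not chained to a
# configured CA (self-signed falls here). Trusted/Verified: chain validated.
PASSES_CA_POLICY = {"Anonymous": False, "Untrusted": False,
                    "Trusted": True, "Verified": True}

def summarize(log_text):
    """Count outbound TLS sessions by trust level and list unauthenticated peers."""
    levels = Counter()
    unverified_hosts = set()
    for line in log_text.splitlines():
        m = TLS_LINE.search(line)
        if not m:
            continue
        level, host = m.groups()
        levels[level] += 1
        if not PASSES_CA_POLICY[level]:
            unverified_hosts.add(host)
    total = sum(levels.values())
    unauthenticated = sum(n for lvl, n in levels.items() if not PASSES_CA_POLICY[lvl])
    return {
        "levels": dict(levels),
        "total": total,
        # Share of encrypted sessions that were open to an active MitM.
        "unauthenticated_share": unauthenticated / total if total else 0.0,
        "unverified_hosts": sorted(unverified_hosts),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The share it reports covers only sessions that negotiated TLS; deliveries that went out in plaintext do not produce these log lines and have to be counted separately.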



