In most cases, nobody needs to know the identity anyway. It would be far more important to know that it is the same website I looked at before
That's called "key continuity management" (KCM) or "trust on first use" (TOFU). SSH uses it but recommends that you verify the key fingerprint out of band. It could be used with HTTPS or email as well, but without a way to verify the fingerprint out of band, it's vulnerable if your connection is compromised by a man in the middle from day one. Bug 460374 relates the story of how such an MITM in the wild was discovered.
you have to know it exists and order it directly and explicitly to get it, as they are signing up people for "standard" who ask for "basic". So maybe that's where your confusion comes from.
That might be because in some areas, the $10 to $20 package is called "limited basic", and the $50 package is called "expanded basic".
But what's "an auth model that works"? The PGP web of trust isn't it because trust isn't transitive. Just because I can vouch for someone's identity doesn't mean I can vouch for her ability to vouch for others' identities. That's why X.509 certificates have the "cannot act as a CA" flag.
My self-signed certs (used internally) are trusted by me.
A lot of companies operate an internal CA. But what certs do you use publicly?
BTW, ever noticed their root CA's are self-signed, but we're told not to trust self-signed certs?
Root certificates are self-signed by definition. We're told not to trust self-signed certificates other than those that come in the system certificate store or the ones deployed by the employer's IT department through Group Policy.
If a first-time visitor tries to visit a site that exclusively uses DANE, he won't even get as far as the "please use DANE" page without seeing a certificate error. So you'll have to use either a traditional CA (such as WoSign or StartSSL) or Let's Encrypt (if you are root on the server) to handle visitors who don't already have the "extension for both Firefox and Chromium that validates DNSSEC and DANE" installed, as well as visitors using Edge, Safari, or a Safari wrapper. And yes, you'll end up having to cater to Safari because all other web browsers on iOS are Safari wrappers, except for a couple that are remote desktops to a browser running on someone else's computer.
You'd better have a monopoly on the product you are selling or the customer will just decide "the hell with that" and buy from another site that is easier.
If you see your would-be customers leaving for competing merchants that blatantly violate PCI DSS, report each noncompliant merchant to the company that handles its payment processing. When competing merchants start either turning away customers in the same way or losing their merchant accounts, watch upgrade conversions increase.
For production sites, you don't use the auto-generated cert.
Correct: you export a CSR from the auto-generated keypair and use that to buy a certificate. Normally, you'd export one server's auto-generated keypair, export a CSR, buy the certificate, and import it to the other servers. But if you're paranoid about never exporting a private key, you'll end up with a separate certificate on each server in your load-balancing cluster.
For a long time, Slashdot offered "subscriptions" that allowed ad-free use, and it redirected non-subscribers' HTTPS hits to HTTP because ad networks took so long to add encryption support. But over the past year at least, it has switched from a subscription model to offering reduced-ad access to users with Excellent karma, possibly on the basis that comments from Excellent users bring in more page views.
Seriously, whats next, will they just stop support plain HTTP because HTTP is far more likely to be abused.
They're heading in that direction. Service Workers are the new mechanism for a web application to continue to work during interruptions in the Internet connection, and browsers already forbid use of Service Workers delivered through HTTP unless they came from localhost.
But another difference has been repeated in previous articles about Perspectives, Convergence, WoSign, Let's Encrypt, and other means of working around the cost of avoiding MITM attacks on TLS. The difference between cleartext and low-grade TLS, such as HTTPS with a self-signed certificate or old versions of TLS or weak hash algorithms, is a difference between a true sense of insecurity and a false sense of security. With HTTP, you know what you're not getting, as the globe in the address bar represents everyone who can potentially intercept your communication.
The Firefox installer is in the neighborhood of 40 MB. That's two and a half hours of tying up the phone line if you have v.90/v.92 dial-up, or a nonzero cost if your ISP charges per bit as many cellular and satellite ISPs do.
To work around software restriction policies (such as those implemented through AppLocker) that allow execution of DHTML applications but forbid local installation of native applications. It's the same reason that early Wii homebrew (such as WiiCade.com) relied on Flash and DHTML instead of native applications, which Nintendo forbade amateurs from developing, until the Twilight Hack blew open native homebrew.
Try this: Allow connections from TLS 1.2 and TLS 1.0. But if the server detects that the client has fallen back to obsolete TLS, display an interstitial page once in each session, explaining the situation in a manner that correctly yet politely places the blame:
Thank you for your interest in our products. It has come to our attention that your payment card issuer no longer supports the security measures built into $useragent. To protect your account from unauthorized payments, we have put checkout on hold temporarily. Try these steps:
1. If you want, you can add items to your cart now. 2. Install a recent web browser. Updated versions of Google Chrome and Mozilla Firefox are available. 3. Log in using the new web browser and check out.
Then replace all "Check Out" buttons and links to manage saved payment credentials (if any) with a "Learn How to Check Out" that re-shows the interstitial.
Certificate pinning doesn't help when each server in a load-balanced cluster generates its own private key and CSR and thus needs its own certificate. IIS is believed to do this by default.
Persistent login is a completely orthogonal problem to TLS certificate forgery. What's going on is that Mozilla and Facebook are continuing to make SHA-1 access available and dealing with forgeries on a reactive basis until enough of the user base has migrated to allow the proactive approach of allowing only SHA-256 access.
PostgreSQL is free until the application that you just tried to migrate from Oracle Database to PostgreSQL throws a syntax error. Then it costs time (which is money) to fix the apps if they're in-house or free, or it costs money to either purchase an upgrade to add PostgreSQL compatibility to a proprietary application or to migrate entirely from a proprietary application for which PostgreSQL compatibility is not available. Or does PostgreSQL's PL/pgSQL parser accept all PL/SQL and MySQL syntax to allow it to be used by applications that expect some Oracle product?
Can't upgrade because reasons? Go cry to whomever is creating that problem for you
Such crying would fall on deaf ears, as mobile device manufacturers routinely announced end of support not only for handsets that are still under 2-year financing but also for handsets that are still being sold in stores. And when "whomever" amounts to the "poorest, most repressive, and most war-torn countries in the world," as the article mentions, what recourse does one have?
In most cases, nobody needs to know the identity anyway. It would be far more important to know that it is the same website I looked at before
That's called "key continuity management" (KCM) or "trust on first use" (TOFU). SSH uses it but recommends that you verify the key fingerprint out of band. It could be used with HTTPS or email as well, but without a way to verify the fingerprint out of band, it's vulnerable if your connection is compromised by a man in the middle from day one. Bug 460374 relates the story of how such an MITM in the wild was discovered.
you have to know it exists and order it directly and explicitly to get it, as they are signing up people for "standard" who ask for "basic". So maybe that's where your confusion comes from.
That might be because in some areas, the $10 to $20 package is called "limited basic", and the $50 package is called "expanded basic".
But what's "an auth model that works"? The PGP web of trust isn't it because trust isn't transitive. Just because I can vouch for someone's identity doesn't mean I can vouch for her ability to vouch for others' identities. That's why X.509 certificates have the "cannot act as a CA" flag.
My self-signed certs (used internally) are trusted by me.
A lot of companies operate an internal CA. But what certs do you use publicly?
BTW, ever noticed their root CA's are self-signed, but we're told not to trust self-signed certs?
Root certificates are self-signed by definition. We're told not to trust self-signed certificates other than those that come in the system certificate store or the ones deployed by the employer's IT department through Group Policy.
If a first-time visitor tries to visit a site that exclusively uses DANE, he won't even get as far as the "please use DANE" page without seeing a certificate error. So you'll have to use either a traditional CA (such as WoSign or StartSSL) or Let's Encrypt (if you are root on the server) to handle visitors who don't already have the "extension for both Firefox and Chromium that validates DNSSEC and DANE" installed, as well as visitors using Edge, Safari, or a Safari wrapper. And yes, you'll end up having to cater to Safari because all other web browsers on iOS are Safari wrappers, except for a couple that are remote desktops to a browser running on someone else's computer.
But does authenticator use count against your received SMS allowance? If so, how many text messages does TracFone allow you per $20?
Rocks don't do so well against firearms.
poorest, most repressive, and most war-torn countries in the world
Go cry to whomever is creating that problem for you, and if that amounts to you then keep it to yourself.
what recourse does one have?
Ending the repression and the combat
How would affected end users go about that, given the gross wealth inequality endemic in those parts of the world?
In which countries did case law on the interaction between trademarks and copyrights go the opposite way?
There aren't all that many people paying for early Mickey Mouse cartoons.
The point is that once the copyright expires, people can lawfully make new Mickey and Pooh cartoons.
You'd better have a monopoly on the product you are selling or the customer will just decide "the hell with that" and buy from another site that is easier.
If you see your would-be customers leaving for competing merchants that blatantly violate PCI DSS, report each noncompliant merchant to the company that handles its payment processing. When competing merchants start either turning away customers in the same way or losing their merchant accounts, watch upgrade conversions increase.
So should felons be allowed to carry while in prison? (I'm mentioning an extreme position to begin bisection.)
In an era of compromised X.509 certificate authorities
There is also S/MIME as well. I fetch a client cert from Symantec or another CA
That's what I was referring to. Symantec has been compromised, as have many other CAs.
For production sites, you don't use the auto-generated cert.
Correct: you export a CSR from the auto-generated keypair and use that to buy a certificate. Normally, you'd export one server's auto-generated keypair, export a CSR, buy the certificate, and import it to the other servers. But if you're paranoid about never exporting a private key, you'll end up with a separate certificate on each server in your load-balancing cluster.
Without encryption, anyone can sniff your session cookie, clone it, and post Goatse as fahrbot-bot.
you will be either doing in bound SSL termination on the load balancer and put the cert there
And once your traffic has grown past one load balancer's capacity, you have to cluster your load balancers.
or you will be copying the cert and its private key to each server in the farm.
I guess some big banks are paranoid about letting any private key get exported from any machine.
For a long time, Slashdot offered "subscriptions" that allowed ad-free use, and it redirected non-subscribers' HTTPS hits to HTTP because ad networks took so long to add encryption support. But over the past year at least, it has switched from a subscription model to offering reduced-ad access to users with Excellent karma, possibly on the basis that comments from Excellent users bring in more page views.
Seriously, whats next, will they just stop support plain HTTP because HTTP is far more likely to be abused.
They're heading in that direction. Service Workers are the new mechanism for a web application to continue to work during interruptions in the Internet connection, and browsers already forbid use of Service Workers delivered through HTTP unless they came from localhost.
But another difference has been repeated in previous articles about Perspectives, Convergence, WoSign, Let's Encrypt, and other means of working around the cost of avoiding MITM attacks on TLS. The difference between cleartext and low-grade TLS, such as HTTPS with a self-signed certificate or old versions of TLS or weak hash algorithms, is a difference between a true sense of insecurity and a false sense of security. With HTTP, you know what you're not getting, as the globe in the address bar represents everyone who can potentially intercept your communication.
The Firefox installer is in the neighborhood of 40 MB. That's two and a half hours of tying up the phone line if you have v.90/v.92 dial-up, or a nonzero cost if your ISP charges per bit as many cellular and satellite ISPs do.
To work around software restriction policies (such as those implemented through AppLocker) that allow execution of DHTML applications but forbid local installation of native applications. It's the same reason that early Wii homebrew (such as WiiCade.com) relied on Flash and DHTML instead of native applications, which Nintendo forbade amateurs from developing, until the Twilight Hack blew open native homebrew.
Try this: Allow connections from TLS 1.2 and TLS 1.0. But if the server detects that the client has fallen back to obsolete TLS, display an interstitial page once in each session, explaining the situation in a manner that correctly yet politely places the blame:
Then replace all "Check Out" buttons and links to manage saved payment credentials (if any) with a "Learn How to Check Out" that re-shows the interstitial.
Certificate pinning doesn't help when each server in a load-balanced cluster generates its own private key and CSR and thus needs its own certificate. IIS is believed to do this by default.
Persistent login is a completely orthogonal problem to TLS certificate forgery. What's going on is that Mozilla and Facebook are continuing to make SHA-1 access available and dealing with forgeries on a reactive basis until enough of the user base has migrated to allow the proactive approach of allowing only SHA-256 access.
Postgres is free.
PostgreSQL is free until the application that you just tried to migrate from Oracle Database to PostgreSQL throws a syntax error. Then it costs time (which is money) to fix the apps if they're in-house or free, or it costs money to either purchase an upgrade to add PostgreSQL compatibility to a proprietary application or to migrate entirely from a proprietary application for which PostgreSQL compatibility is not available. Or does PostgreSQL's PL/pgSQL parser accept all PL/SQL and MySQL syntax to allow it to be used by applications that expect some Oracle product?
Can't upgrade because reasons? Go cry to whomever is creating that problem for you
Such crying would fall on deaf ears, as mobile device manufacturers routinely announced end of support not only for handsets that are still under 2-year financing but also for handsets that are still being sold in stores. And when "whomever" amounts to the "poorest, most repressive, and most war-torn countries in the world," as the article mentions, what recourse does one have?