Slashdot Mirror


User: Workaphobia

Workaphobia's activity in the archive.

Stories: 0
Comments: 1,017

Comments · 1,017

  1. Not just the message on Firefox SSL-Certificate Debate Rages On · · Score: 1

    It's worse than that. Their method of temporarily accepting the certificate is far less obvious now. Instead of it being a single button press, you have to click "Add an exception", which sounds like some sort of permanent change that would require wading through configuration dialogs (or, knowing Firefox, manually editing a file on disk) in order to reverse. If that's not creepy, I don't know what is.

  2. Re:Realistic space sims! on Spaceflight Sim Dark Horizon Set for Release · · Score: 1

    Ah, yes, I played vegastrike back around 2005 and haven't been near it recently. It always had such a half-completed feel to it (although half is probably not the best fraction to use), where you could see the intent and the dream but still lament over how far they had to go.

    I miss Wing Commander II, which is about the extent of my space flight sim nostalgia. WCIII was good, but I never forgave them for making Hobbes a traitor in the story.

    God, I still can't believe how much fun I had playing WCII as a kid. It's just one of those games that really sticks to you, at least if you were the age that I was (eight? *shrug*).

  3. Re:You will see him on TV or in churches... on Referee Recommends Disbarment For Jack Thompson · · Score: 1

    That's the beauty of this, JT's apparent senility level has been rising for a long time now, but this decision confirms and solidifies his downward spiral in the public's eye. I doubt any talk show host would have him now.

  4. Re:Thank Goodness on Referee Recommends Disbarment For Jack Thompson · · Score: 1

    You forgot to say something anti-Islamic. You're a mere shadow of the former King Bastard.

  5. Re:It's got what plants crave. on Gentoo 2008.0 Released · · Score: 1

    Don't worry, they're safely and steadily building up in the earth. Now if you'll excuse me, I'm late for Monday Night Rehabilitation.

    Or if you don't like those references, I can give you some old school Simpsons quotes...

  6. Re:...THEN I'll feel a lot more free on Lt. Col. John Bircher Answers Your Questions · · Score: 1

    That's funny. Anyone else getting hungry for slow-boiled frog?

  7. Re:No acroynms, use short names/words on Best DNS Naming Scheme For Small/Medium Businesses? · · Score: 2, Funny

    Ah, that's a fun system. I use Starcraft hostnames in my house:

    Old Desktop: Goliath
    Server: Overmind
    Router: Nexus
    Wii: Pylon
    New Desktop: Tassadar

    I was thinking if I ever got a small, low power 24/7 mini box, I'd call it Zergling.

    I know the tech people at RPI name internal domain names after pokemon - I get the feeling there are more of those available now than network addresses that can fit in the IPv4 space.

  8. Re:What's the point of a new wireless-G one? on Netgear Launches Open Source-Friendly Wireless Router · · Score: 3, Funny

    Perhaps, but it's at (+4, Simpsons Reference) right now.

    Man: "Well I believe I'll mod that down."
    Kang: "Go ahead. Throw your vote away."

  9. Re:What's the point of a new wireless-G one? on Netgear Launches Open Source-Friendly Wireless Router · · Score: 5, Funny

    Cromulence abounds.

  10. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Very well.

    5. You compromise the user's exception list, by asking for an exception. In this case the user is at fault.

  11. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Arcade is correct. Think of it this way, if the function of a certificate were encryption, why would we need it at all? We can already do encryption using Diffie-Hellman.

    Certificates bind an identity (that is, DNS identity and not necessarily a real identity) to a public key; they make a claim about the relationship between an entity and a piece of information. This claim is backed up via a signature by a trusted third party.

    The simple truth in the model is that if you trust the third party and the known binding of the third party to its own public key and the mathematics of the encryption+signature algorithms, then you trust the binding of the site identity with the key they claim to control.

    Now you can certainly debate the effectiveness of a certificate at providing authenticity in a real environment, but that doesn't give you license to deny its basic purpose unless you're intentionally exaggerating for the purpose of sarcastic commentary. But I think you legitimately believe what you say, and are letting unrelated faults in the usage of the system cause you to deny basic aspects of its design.

  12. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    You've expressed this view several times today, and I have to say you don't seem to understand the point of the security model that we use for the internet.

    The network is not secure.

    The basic network protocols were designed long before security was ever an issue. Since you do not own and maintain physical control over the network hardware, you would have to trust the real owners of the links and routers between you and the destination in order to have a guarantee of authenticity, confidentiality, and integrity on the data sent over it. This model is unacceptable because not every component of the network path is trustworthy.

    Consequently, a cryptographic protocol is a necessity for secure communication on the public internet. There is no other solution.

    This says nothing about the integrity of the end points of the secure channel, and a hacked machine on either side will compromise the content of the communication, as you've pointed out. What you miss however, is that we don't care to analyze and discuss this prospect. It makes for a very boring system if you can't even trust the endpoints, the automatons executing commands on behalf of real flesh-and-blood users.

    As you say, we're "not safe until there are no vulnerabilities": the difference between the hosts and the network is that we have control over the security of the hosts, and an institution as professional and security-critical as a bank is expected to maintain high standards, whereas neither party is in a position to do anything to improve the security of the network as a whole. It is possible to keep the endpoints secure - or if you argue that it is not, the key point is that this is outside the problem domain of network security that SSL was designed to address.

    If you expect the simple use of SSL to protect you despite the exploitable flaws in your system, you're going to be disappointed, but not because SSL isn't doing its job. Please stop dissecting our claims that SSL provides authenticity, merely on the basis that the end points could screw up, because we're not denying this. We're simply restricting our conversation to the benefits of SSL in various circumstances, under the conditional assumption that it is the weak point in the system. Anything else is beside the point.

  13. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    I'm sick and tired of no browser implementing a sane policy on this matter. Even Firefox, for all its open source rebellious attitude, doesn't dare change the system. You'd think there'd be a free software project that shares this kind of ideal.

  14. Re:I wonder... on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Can you tell me right now *with certainty* where your trusted CA list came from and that it hasn't been modified by someone hostile or by hostile code?

    If you can't tell me that for sure, then you are *less* secure than someone using unsigned certs who has personally verified key signatures face-to-face.


    That is true, but trivially so. Someone who has verified key signatures in person is always more secure than someone relying on a third party, regardless of how much trust you have in the third party and what you know about the integrity of your CA list.

    I believe you're much more likely to be caught by a bad certificate that you allow as a temporary exception, than you are to be caught by a bad unsecured web browser or CA list download. When you're downloading a new version of a web browser you're likely safe at home, where MITM attacks are more difficult. But you may check your webmail, forum accounts, bank accounts, etc., anywhere. Public wifi, hotel networks (a family member got compromised by this), and so on.

  15. Re:Things are not as they appear on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    Good point. It makes me wonder why on Earth the browsers don't support easy detection of this kind of flaw. So what if Firefox has an option to alert me whenever I submit unencrypted information? I don't want a popup every time I google something. Why is there no checkbox for preventing the submission of unencrypted information from an encrypted page? Why is there no security padlock icon for form submit buttons?

  16. Re:Always. on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 1

    You're missing a key point: if you can't trust the other end to keep their private key secure, then you can't trust them to keep the data you send them secure either. SSL certificates are only misleading in the way you describe if you expect them to be a silver bullet for all your security needs; if you use them properly in conjunction with good policies, they do indeed provide a guarantee of authenticity.

  17. Re:in many ways, this is good on ICANN Board Approves Wide Expansion of TLDs · · Score: 1

    No, no, no. You can't make up for a flat namespace under a single top level domain by overcompensating with a super flat namespace that has even less lip service to hierarchy. All this does is further undermine the administrative structure of the domain name system.

  18. Re:Woohoo on ICANN Board Approves Wide Expansion of TLDs · · Score: 2, Insightful

    Dead on commentary. I suppose we all should have seen this coming. Why is it that some people can't grasp the beauty of a tree structure?

  19. Re:There will be some good from this. on ICANN Board Approves Wide Expansion of TLDs · · Score: 1

    So this was a last ditch effort to destroy the Internet before they inevitably lost control of it to a rival. Like Hitler wanting to burn Paris in WWII, or Adult Swim airing the fuck out of Futurama in the months before losing the contract to Comedy Central.

  20. Re:Oh great... on Supreme Court Holds Right to Bear Arms Applies to Individuals · · Score: 1

    In my experience thus far, I've found that libertarians tend to be the least hypocritical in their positions. Whereas normal liberals and conservatives can justify any policy their party endorses without a second thought, it's difficult to trap a libertarian into an ideological contradiction. I guess that's just a product of minimality and simplicity, like debugging very small code.

  21. Re:Ten MONTHS old on A 3-D Holographic Display · · Score: 1

    Much, much older than that actually. See the other comments remarking on its age.

  22. Re:seen it on A 3-D Holographic Display · · Score: 1

    Same here, although it was only three years ago for me. A neat device if you have forty thousand dollars to waste.

  23. Re:Generic TLDs caused the problems on The Beginnings of a TLD Free-For-All? · · Score: 1

    Seems to me like it was a huge mistake in the first place to even allow the open registration of .com domains without tying them to corporate entities. (I recall reading that it wasn't always like that.) This, combined with the common practice of finding a web page for a particular topic by typing in a random domain name in the .com space rather than googling, seems to have doomed our prospects of ever having a sensible, manageable, and relatively unpoliticized domain name system.

  24. Re:ice on Mars is nothing new on Water Ice On Mars · · Score: 1

    There's also the small matter that you can actually SEE ice just by looking at the damn thing through a telescope. The giant white spots at the poles are a bit of a giveaway. I can't understand for the life of me the significance of this news as presented in the headlines for the past week.

  25. Re:Another positive sign for the justice system on Lawyer Who Subpoenaed Blogger Seidel Sanctioned · · Score: 1

    Ah yes, if memory serves, this was the lawyer that included a clause in the subpoena asking Ms. Seidel to disclose all her ties to religious organizations, with the parenthetical: "(Muslim or otherwise)". Glad this jackass got caught being a jackass by someone within his profession.