The EU is poised to pass a sweeping new regulation, eIDAS 2.0. Buried deep in the text is Article 45, which returns us to the dark ages of 2011, when certificate authorities (CAs) could collaborate with governments to spy on encrypted traffic—and get away with it. Article 45 forbids browsers from...
That’s where the SSH analogy comes from. On the initial connection you get the signature of the web-site you are trying to visit and your browser trusts it from then on. If something changes later, then the scary warning comes up.
I hope for you, that you don’t SSH into any random machine and just import their cert.
Usually you know the machines you are trying to connect to. That gives you the ability to add their cert to your trusted hosts before connecting the first time. So for browsing the WWW this makes not much sense, since you connect to way too many unknown hosts. It would create a ‘red is green’ mentality where users just import any unknown cert.
The only similarity i see, which makes sense, would be e-banking and such. The bank could send you their certificate with the login credentials by post.
Why? There is absolutely zero risk in SSHing into “random” machines especially since I’m using public ssh-keys. Of course the first time I connect to a machine it’s going to be untrusted, but who cares? I’m using SSH to ensure others can’t sniff my traffic.
If i want to sniff your traffic, ill set up another machine as MITM attack.
I guess as long as you stay inside a secure company network, it wouldn’t be that bad. But if you go through the WWW, my advice is to manually add trusted hosts.
Setting up a mitm on the internet is a non-trivial task and I’m quite confident you have neither the access, nor the ability to do that. Very few people do. So let’s just say that isn’t an attack vector that anyone should be concerned with.
Where does the initial cryptographic verification come from? I’m not arguing that you can’t pin certificates.
That’s where the SSH analogy comes from. On the initial connection you get the signature of the web-site you are trying to visit and your browser trusts it from then on. If something changes later, then the scary warning comes up.
I hope for you, that you don’t SSH into any random machine and just import their cert.
Usually you know the machines you are trying to connect to. That gives you the ability to add their cert to your trusted hosts before connecting the first time. So for browsing the WWW this makes not much sense, since you connect to way too many unknown hosts. It would create a ‘red is green’ mentality where users just import any unknown cert.
The only similarity i see, which makes sense, would be e-banking and such. The bank could send you their certificate with the login credentials by post.
Why? There is absolutely zero risk in SSHing into “random” machines especially since I’m using public ssh-keys. Of course the first time I connect to a machine it’s going to be untrusted, but who cares? I’m using SSH to ensure others can’t sniff my traffic.
If i want to sniff your traffic, ill set up another machine as MITM attack.
I guess as long as you stay inside a secure company network, it wouldn’t be that bad. But if you go through the WWW, my advice is to manually add trusted hosts.
Setting up a mitm on the internet is a non-trivial task and I’m quite confident you have neither the access, nor the ability to do that. Very few people do. So let’s just say that isn’t an attack vector that anyone should be concerned with.
Everyone who can read your unencrypted traffic has the possibility to intercept your encrypted stuff. So it is really not that hard.
But you don’t seem to be bothered too much about that possibility. So lets agree to disagree.