←back to thread

543 points gslin | 3 comments | | HN request time: 2.067s | source
Show context
pests ◴[] No.42191619[source]
It feels like just yesterday I was paying for certs, or worst, just running without.

Can't believe its been ten years.

replies(1): >>42191666 #
ozim ◴[] No.42191666[source]
Can’t believe there are still anti TLS weirdos.
replies(7): >>42191688 #>>42191718 #>>42191893 #>>42192714 #>>42192733 #>>42193057 #>>42193614 #
Pannoniae ◴[] No.42191893[source]
TLS is not panacea and it's not universally positive. Here are some arguments against it for balance.

TLS is fairly computationally intensive - sure, not a big deal now because everyone is using superfast devices but try browsing the internet with a Pentium 4 or something. You won't be able to because there is no AES instruction set support accelerating the keyshake so it's hilariously slow.

It also encourages memoryholing old websites which aren't maintained - priceless knowledge is often lost because websites go down because no one is maintaining them. On my hard drive, I have a fair amount of stuff which I'm reasonably confident doesn't exist anywhere on the Internet anymore.... if my drives fail, that knowledge will be lost forever.

It is also a very centralised model - if I want to host a website, why do third parties need to issue a certificate for it just so people can connect to it?

It also discourages naive experimentation - sure, if you know how, you can MitM your own connection but for the not very technical but curious user, that's probably an insurmountable roadblock.

replies(7): >>42191942 #>>42192026 #>>42192088 #>>42192426 #>>42192479 #>>42193243 #>>42203762 #
ratorx ◴[] No.42192026[source]
> if I want to host a website …

The fundamental problem is a question of trust. There’s three ways:

* Well known validation authority (the public TLS model)

* TOFU (the default SSH model)

* Pre-distribute your public keys (the self-signed certificate model)

Are there any alternatives?

If your requirement is that you don’t want to trust a third party, then don’t. You can use self-signed certificates and become your own root of trust. But I think expecting the average user to manually curate their roots of trust is a clearly terrible security UX.

replies(2): >>42192098 #>>42192280 #
1. rocqua ◴[] No.42192098[source]
There is web of trust, where you trust people that are trusted by your friends.

There's issues with it, but it is an alternative model, and I could see it being made to work.

replies(2): >>42192225 #>>42192633 #
2. ratorx ◴[] No.42192225[source]
Ah, I forgot about that and never really considered it because GPG is so annoying to use, but it is fairly reasonable.

I don’t see how it has too many advantages (for the internet) over creating your own CA. If you have a mutually trusted group of people, then they can all share the private key and sign whatever they trust.

I think the main problem is that it doesn’t scale. If party A and party B who have never communicated before want to communicate securely (let’s say from completely different countries), there’s no way they would be able to without a bridge. With central TLS, despite the downsides, that is seamless.

3. account42 ◴[] No.42192633[source]
Providing initial trust via hyperlinks could be interesting.