Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

If the whole CA system is compromised, you mean?


My assertion is that absent some way to force TLS from the start on the connection owning DNS allows you to MITM a user that types mail.google.com in the address bar. Where is that wrong?


Chromium will not let you connect to MAIL.GOOGLE.COM via port 80; the fact that Gmail requires TLS is pinned just like their certificate is.


>My assertion is that absent some way to force TLS

So, my assertion is correct then. Own DNS, own mail.google.com if the browser doesn't force TLS.


Point arms up into sky, cast yourself aloft into the heavens, if the earth doesn't have gravity.


If you don't distribute the pin along with the browser you don't get TLS forced on the first connection. As you yourself said in the other thread TLS+TACK doesn't solve this either. So this is hardly a fundamental property of TLS.


Browser trust anchors aren't a fundamental property of HTTPS/TLS? That's like saying "TLS is insecure if you don't distribute any root certificates with your browser".


Really? You're arguing that a feature that was first implemented in 2011 is a fundamental property of TLS? And are you also arguing that the whole web should have Google/Firefox/IE/Safari ship a certificate pin with the browser? That will surely scale...

If we're doing that why do we need CA's at all? Just ship pins of self-signed certificates to all the browsers and trust Google with the integrity of the database.


Your browser could also be a trojan.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: