> the padlock icon really isn't any more secure than a self-signed cert.
I understand this comes from a frustration, and an understanding that certificate-based authentication is not perfect. But labeling it as "as secure as a self-signed cert" when a self-signed certificate provides no authentication (or an impractical one at best) is uncalled for.
So as long as no practical and better solution for server authentication has been found, this is the best we have and it is still working pretty well (you don't see a lot of rogue certificates in the wild).
> But labeling it as "as secure as a self-signed cert" when a self-signed certificate provides no authentication (or an impractical one at best) is uncalled for.
It's perfectly called for. The CA system is based on arbitrary trust. An actually-effective system should not rely on trust at all.
Even something like what Namecoin does - using a Bitcoin-style blockchain as a public ledger, but for SSL certs instead of DNS entries - would be a massive step in the right direction in comparison to the current CA system.
It's not entirely arbitrary. Some CAs may actually be worthy of trust. I imagine it would be possible to modify the browser's UI to reflect the trustworthiness of the server certificate to encourage better diligence on their part.
By what measure? Some empty promises of good security practices, perhaps? Or maybe some pinky swear that they'll always act in the best interests of the internet as a whole rather than in the interests of whichever government or set of shareholders happens to be in a position of power relative to them?
But self-signed certificates are more secure than CA-signed certificates, because they don't involve a third party. My various servers only use self-signed certificates among themselves because it drastically reduces the amount of initial trust required.
The huge problem there is key distribution (easy since I run all the servers), but in terms of just "security" that's much more secure than involving a third party CA.
Self-signed is one thing in an internal environment/infrastructure role but quite another in a web server interacting with the public role. You're comparing apples to oranges.
"Internal" begs the question of key management, which is the whole issue to begin with. At any rate, my claim stands that a self-signed certificate is by nature more secure than a CA-signed one, because it does not require the additional level of trust in the CA.
It's only more secure between two parties that can reliably confirm their identities with each other out of band. A CA, however badly implemented in practice, is more secure by design because the worst case scenario (a subverted CA) is no different from a self-signed certificate from a client perspective.
In terms of what you're focusing on in this thread (verification of identity) I don't disagree. But a MitM attack on coffee shop wifi is a problem which is exacerbated by self-signed certificates.
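The two positions above (self-signed among your own servers is fine because you distribute the keys yourself; self-signed on an open network is dangerous because nothing anchors trust) both reduce to whether the client has something out of band to compare the certificate against. The following is an added example, not code posted by anyone in this thread, showing the usual way to do that with Python's standard library: pin the SHA-256 fingerprint of each server's self-signed certificate in a store the operator fills out of band, and reject any certificate that does not match. The host names and the DER byte strings are constructed stand-ins; real DER bytes come from `getpeercert(binary_form=True)`.

```python
"""Fingerprint pinning for self-signed server certificates (added example)."""
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
# In practice these are the bytes returned by getpeercert(binary_form=True).
SERVER_CERT_DER = b"constructed: db1.internal.example self-signed certificate"
ATTACKER_CERT_DER = b"constructed: certificate minted by a MitM on coffee-shop wifi"


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 over the DER bytes, formatted like `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# The pin store is the "key distribution" step: the operator copies each server's
# fingerprint here out of band (config management, a signed file, by hand).
# Hypothetical host name, constructed for this example.
PIN_STORE = {
    "db1.internal.example": cert_fingerprint(SERVER_CERT_DER),
}


def verify_pinned(der_bytes: bytes, server_name: str, pin_store: dict) -> bool:
    """True only if server_name has a pin and the presented cert matches it exactly.

    No pin means no basis for trust at all: a self-signed cert with nothing to
    compare against is indistinguishable from one an attacker just generated.
    """
    expected = pin_store.get(server_name)
    if expected is None:
        return False
    return hmac.compare_digest(cert_fingerprint(der_bytes), expected)


def connect_pinned(host: str, port: int, pin_store: dict) -> bytes:
    """Open a TLS connection verified by pin instead of by a CA; return the peer DER.

    CA verification is switched off because no CA is involved, so the pin check
    is the only authentication and must run before any application data is sent.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must precede setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # no CA chain to check
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not verify_pinned(der, host, pin_store):
                raise ssl.SSLCertVerificationError(
                    f"pin mismatch for {host}: {cert_fingerprint(der)}")
            return der


if __name__ == "__main__":
    print("genuine server:", verify_pinned(SERVER_CERT_DER, "db1.internal.example", PIN_STORE))
    print("MitM cert:     ", verify_pinned(ATTACKER_CERT_DER, "db1.internal.example", PIN_STORE))
    print("unpinned host: ", verify_pinned(SERVER_CERT_DER, "web.public.example", PIN_STORE))
```

The third case is the coffee-shop problem in miniature: a client that has no pin for a host and still accepts a self-signed certificate has performed no authentication, which is exactly what a CA-verified chain (however imperfect the CA) would otherwise supply for the public web.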