Conversation

Notices

1. Embed this notice
   Luna :neofox_snug: (lunareclipse@snug.moe)'s status on Saturday, 25-May-2024 07:27:19 JST Luna :neofox_snug:

   it's really funny how the chain of trust with TLS CAs is built in such a way where the security of the entire system is equal to the security of the worst CA your web browser trusts
   
   maybe I shouldn't learn more about how the web works, this is all so cursed

   • Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     anna (navi@social.vlhl.dev)'s status on Saturday, 25-May-2024 07:27:18 JST anna

     in reply to
     @lunareclipse i wonder how that would compare in practice to gemini which uses TOFU for certs
     
     always trust the worse CA chosen by your os or browser
     or periodically trust your connection to the site
     Haelwenn /элвэн/ :triskell: likes this.
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 25-May-2024 07:30:42 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • anna
     @navi @lunareclipse Well TOFU is neat, except for server-to-arbitrary-server.
     Which is probably why one of the only actual use of DANE is email (DNSSEC being a bit more trustworthy than X.509, but sadly horrible in terms of error handling).
   • Embed this notice
     Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Saturday, 25-May-2024 07:36:06 JST Haelwenn /элвэн/ :triskell:

     in reply to

     • Haelwenn /элвэн/ :triskell:
     • anna
     @navi @lunareclipse Plus in the case where it's reasonable to expect different servers, I'd say TOFU lowers security because you'd have to copy private keys around (which should never happen), not to even mention that it tends to make you avoid rotating keys.
     It's why for me TOFU is only good for things like ssh.