

Ask HN: Why don't we have P2P based CA or SSL fingerprint consensus? - rubyfan

How the hell are normal people to validate an SSL fingerprint? Could any one of us really spot the man-in-the-middle attack?<p>Why doesn&#x27;t something like a P2P consensus protocol or blockchain facilitate certificate authority or even more simply validating SSL fingerprints?
======
UnoriginalGuy
That's a fair question but how do you stop a powerful adversary from flooding
it with false information or how do you protect the consensus system from
being MitM-ed, more SSL?

Plus one could argue that a P2P consensus system would be a massive breach of
people's privacy. Do you really want everyone upstream knowing what sites
you're visiting even if it is just at the domain level?

My point is that while this problem is both true and easy to quantify, a
solution would wind up being almost as complex as SSL itself. And it seems
like a drop in the bucket when DNS remains insecure, SMTP is still highly
common, and HTTP (i.e. not HTTPS) is widespread.

That all being said, if someone developed this as e.g. a Chrome Extension, I'd
consider installing it as long as some privacy guarantees were in place.

~~~
rubyfan
Great points, I'd view privacy to be a key ingredient to make something like
this work. I don't like built in phishing protection browser capabilities for
this same reason.

Also great points about being a drop in the bucket... I asked a similar
question tonight "Ask HN: Why don't companies sign email the way we do with
HTTPS?"
[https://news.ycombinator.com/item?id=9098079](https://news.ycombinator.com/item?id=9098079)

It seems even the basic security measures we think are "good" really have no
acceptable level of traceability, wide-spread visibility or audibility.

------
rubyfan
Definitely Superfish inspired some thinking on this topic but I do understand
that a compromised system is compromised so better CA or external consensus
does nothing there.

Even still, I'm not totally convinced browsers will spot the MITMs _so I don
't have to_. However, having many-many individual web browsers tracking and
sharing SSL fingerprints to potentially provide consensus as well as some
history and traceability I believe would be a needed public service.

~~~
wmf
[http://perspectives-project.org/](http://perspectives-project.org/)
[http://www.convergence.io/](http://www.convergence.io/)

~~~
forgotpasswd3x
I wish convergence was still actively developed. It seemed like a really cool
idea.

------
wmf
The browser spots MITMs so you don't have to. (If you're thinking about
Superfish, no system can protect you against that same system being
compromised.)

