Hacker News new | past | comments | ask | show | jobs | submit login

I think you're missing one important detail: the idea behind the green padlock is that the average end user isn't technically capable of (or shouldn't have to) monitor all the details of their internet connections to make sure they're secure.

If that basic intuition about users is correct, the solution is not to give up on this and force users to deal with the true complexity of the situation. The solution is for the browser to show a red blinking INSECURE instead of the green padlock when the cert it receives for a site doesn't have a valid chain to a root in the default key store shipped with the browser.

To be honest, I can't figure out why this isn't already the default behavior. It would solve a bunch of other problems as a side effect, including insecure crappy antivirus programs that MITM your internet connection.

if they can force a cert into your os trust store they can force a cert into your browser trust store, this solves some very specific issue but not this one.

That's why I said "store shipped with the browser". I don't think Kazakhstan has the ability to get Firefox to ship their root cert.

this is kinda rich under an article where they forced a cert into the is trust store. it takes the same amount of effort to get the cert into browser specific stores because these need to be editable and an installer get control of the system anyway

"it rather involves being already at the other end of this airtight d doorway"

the current page ask the user to run an installer, elevating privilege. there's nothing a browser can really do against that. DLL can be replaced and signatures can be tempered etc.

just because you said "ship them with the browse" doesn't make you magically right nor safe under the linked threat

Alerting the user when a MITM certificate is active in the trust store is relying on a completely different threat model than "protect the entire operating system against state-mandated malware". I'm saying browsers should at least do the former. You seem to think that's pointless unless they also do the latter, but of course they can't do that. Some security of the trust store is better than no security.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact