Comment by chetanahuja
11 years ago
That's the proffered reasoning as we all know. But the actual outcome (to quote rufb from this comment https://news.ycombinator.com/item?id=8625739)
Encrypted (Certified) COOL GREEN
Encrypted (Self-Signed) EVIL RED
Unencrypted NOTHING / NEUTRAL CHROME
Tell me how the logic works here (for an average user).
Not considering the many holes, cyphersuites, running TLS 1.3+ etc.
( http://wingolog.org/archives/2014/10/17/ffs-ssl )
...it should probably look like this:
Safe against active attacks:
Safe against passive attacks:
Safe against world peace, ie. UNSAFE:
> Tell me how the logic works here (for an average user).
"Neutral Chrome" is the default state of the web -- the site doesn't assert that it should be trusted, and it shouldn't be, and that's the default state people should have in approaching the web.
"Cool Green" is "the site asserts that it has a particular identity and that communication with that identified site is private, and it passes the tests built into the browser's security model to verify all that."
"Evil Red" is "the site asserts that it has a particular identity and that communication with that identified site is private, but it fails the tests built into the browser's security model to verify all that."
Seems to me to be perfectly logical, even if we might prefer a better security model for making and verifying the claims at issue.
Plaintext is zero security.
Self-signed is a low probability of security.
Signed is a high probability of security.
This continuum makes more sense than the current state of affairs.
If someone forwards plaintext, it's called a proxy.
If someone forwards encrypted content on behalf of my server, it's called man-in-the-middle attack, and they should not be capable of doing it without the huge red flags.
Self-signed is a significant probability of man-in-the-middle attack.
I can self-sign a certificate for gmail, the browser correctly warns about potential BIG security issues with it.