Certificate expired

Thoughts on the further development of Haven & Hearth? Feel free to opine!

Re: Certificate expired

Postby MagicManICT » Mon Feb 22, 2021 11:08 pm

shubla wrote:Well there is a good reason why accepting custom certificates has been made difficult.

But it's not a good reason. It's asking one unknown 3rd party to be more trusted than another unknown 3rd party just because someone said "I'm the basis of trustworthiness." That trustworthiness is the reason I don't use Chrome. My trust for the whole Google enterprise has soured greatly over the last decade, to the point I rank them down there with Facebook and Apple, which is slightly higher than "known malware sites."

If anything, I'd say the world is getting savvier when it comes to computer and data knowledge... because they have to be. If anything, I think moves like these can be labeled as "Big Brother" style gatekeeping.
Opinions expressed in this statement are the author's alone and in no way reflect on the game development values of the actual developers.
MagicManICT
 
Posts: 18437
Joined: Tue Aug 17, 2010 1:47 am

Re: Certificate expired

Postby Sevenless » Tue Feb 23, 2021 12:57 am

MagicManICT wrote:
shubla wrote:Well there is a good reason why accepting custom certificates has been made difficult.

But it's not a good reason. It's asking one unknown 3rd party to be more trusted than another unknown 3rd party just because someone said "I'm the basis of trustworthiness." That trustworthiness is the reason I don't use Chrome. My trust for the whole Google enterprise has soured greatly over the last decade, to the point I rank them down there with Facebook and Apple, which is slightly higher than "known malware sites."

If anything, I'd say the world is getting savvier when it comes to computer and data knowledge... because they have to be. If anything, I think moves like these can be labeled as "Big Brother" style gatekeeping.


"It was always a little unnerving that the google's motto was "Don't be evil", but it's extremely alarming that they've now removed it" -Paraphrased from John Oliver (90% sure he said it)

https://www.searchenginejournal.com/goo ... 019/#close

Ok not *entirely* true but the idea amuses me.
Lucky: haven is so quirky
Lucky: can be so ugly, can be so heartwarming
Sevenless: it is life

The Art of Herding
W15 Casting Rod Cheatsheet
Explanation of the logic behind the cooking system
Sevenless
 
Posts: 7292
Joined: Fri Mar 04, 2011 3:55 am
Location: Canada

Re: Certificate expired

Postby shubla » Tue Feb 23, 2021 7:13 am

MagicManICT wrote:But it's not a good reason.

For an average user this is the best system. Period.
You can go all philosophical about it but what would be a better system? And I'm talking about practical systems, that even your grandma can use. Not some difficult, complicated, time-consuming systems.
Call loftar every time you visit the site to confirm authenticity of the certificate? What about sites like google or your bank? Visit their office to receive the cert to plug into your system?

If it's too easy to accept custom certificates, there wouldn't be much of help from them proving some sites as reliable, such as banks. Because people would have all kinds of stuff accepted on their systems.
You can get valid certificates that all main browsers trust literally for free these days. So the only reason not to do it is this stubborn ideological nonsense.

Stealing CAs is not too common. Yes it happens, but the chances of some random internet criminal getting access to them are like 0. So they do their job pretty well.

"It was always a little unnerving that the google's motto was "Don't be evil", but it's extremely alarming that they've now removed it" -Paraphrased from John Oliver (90% sure he said it)

It's a fun joke but in reality the reason why it was removed is that it's not too professional. And maybe it could be interpreted in various ways in court etc. So better not take the risk.
I'm not sure that I have a strong argument against sketch colors - Jorb, November 2019
http://i.imgur.com/CRrirds.png?1
Join the moderated unofficial discord for the game! https://discord.gg/2TAbGj2
Purus Pasta, The Best Client
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Certificate expired

Postby loftar » Tue Feb 23, 2021 7:29 pm

shubla wrote:You can go all philosophical about it but what would be a better system?

A more PGP-like system would be worlds better. The main technical advantage is that a key (aka certificate) can be signed by multiple other keys, and can even be signed by keys without needing to be integrated into the main key itself. Among the multiple advantages this would have are:
  • It would be simple to have and maintain alternative trust roots, an extended web of trust, or even to just trust your own key signatures, for those who actually care about security.
  • You could still have a few so-called "trusted" master keys shipping with various operating systems by default, conserving the convenience (and lack of real security) of the current system for those that prefer not being secure.
  • I could easily have LetsEncrypt or w/e sign Haven's website key without having to give up signing it with my own key that I can ship with the client.
All upsides, literally zero downsides. I'm sure I'd still complain about the protection racket of the maintainers of the master keys shipping with operating systems by default, but it would at least be possible to work around it.
"Object-oriented design is the roman numerals of computing." -- Rob Pike
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am
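
The multi-signer model described in the post above, as an added example that is not part of the original thread or of the Haven client: one site key carries two detached signatures, and each verifier accepts it if any signer is among the roots that verifier chose. Lamport one-time signatures over SHA-256 stand in for real PGP signatures so the block runs on the standard library alone; the role names and all keys are constructed assumptions.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    """Lamport one-time key pair: 256 pairs of secrets; public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit. A Lamport key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def serialize(pk):
    return b"".join(a + b for a, b in pk)

def key_id(pk):
    return H(serialize(pk)).hex()[:16]

def endorse(signer_sk, signer_pk, subject_pk):
    """Detached signature over the subject key, stored beside it rather than inside it."""
    return {"signer": key_id(signer_pk), "sig": sign(signer_sk, serialize(subject_pk))}

def trusted(subject_pk, endorsements, trust_roots):
    """Accept the key if any endorsement verifies under a root this verifier chose."""
    for e in endorsements:
        root_pk = trust_roots.get(e["signer"])
        if root_pk is not None and verify(root_pk, serialize(subject_pk), e["sig"]):
            return True
    return False

def demo():
    # All keys are constructed for this example; the role names are hypothetical.
    ca_sk, ca_pk = keygen()      # a root shipped by default with an OS or browser
    dev_sk, dev_pk = keygen()    # the developer's own key, shipped with the client
    _, site_pk = keygen()        # the website key being vouched for
    _, other_pk = keygen()       # a different key presented with the same signatures
    sigs = [endorse(ca_sk, ca_pk, site_pk), endorse(dev_sk, dev_pk, site_pk)]
    browser_roots = {key_id(ca_pk): ca_pk}
    client_roots = {key_id(dev_pk): dev_pk}
    return {
        "browser_default_roots": trusted(site_pk, sigs, browser_roots),
        "client_own_root": trusted(site_pk, sigs, client_roots),
        "client_without_ca_signature": trusted(site_pk, sigs[1:], client_roots),
        "substituted_key": trusted(other_pk, sigs, client_roots),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

An X.509 certificate names a single issuer and carries a single signature, so the same two-root arrangement there needs a separate certificate per signer.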

Re: Certificate expired

Postby Agrik » Tue Feb 23, 2021 10:37 pm

shubla wrote:For an average user this is the best system.
Average among whom?

shubla wrote:And I'm talking about practical systems, that even your grandma can use.
"Build a system that even a fool can use, and only a fool will want to use it." (George Bernard Shaw)

If your grandma needs it, sure, there can be such a system. "Grandma Trust Certificates", just fine, especially with a group of competitors, so the monopoly won't blackmail grandmas from all over the world to accept arbitrary terms. Even if a totally illiterate person needs something even more simple, there can be even such service, because, well, that person would need to trust somebody anyways.

Just don't force others into it. Don't pull others down to the level of people who have to trust because they can't manage the task themselves. Don't force people to trust if they don't have to, that would be plain violence. Amazingly, it is usually employed by people who see themselves as unquestionably good and trustable.

shubla wrote:If it's too easy to accept custom certificates,
Of course, it shouldn't be "too" easy, like, easy to do accidentally, as in "one click on the webpage without confirmation". But it shouldn't be "too" hard as well.

shubla wrote:there wouldn't be much of help from them proving some sites as reliable, such as banks. Because people would have all kinds of stuff accepted on their systems
For me it looks totally opposite, they would have exactly what they agreed and approved themselves, instead of who-knows-what they have trusted now.

I wonder what you mean by proving a site as reliable, in the case when it's the viewing person who is "unreliable".

shubla wrote:You can get valid certificates that all main browsers trust literally for free these days.
It's a misconception that the price can be set in money only. If there are requirements and conditions, the thing is not "for free". "For free" would be like open software: use whatever you want unconditionally. I'm not sure your "You can get valid certificates" works this way...

shubla wrote:It's a fun joke but in reality the reason why it was removed is that it's not too professional. And maybe it could be interpreted in various ways in court etc. So better not take the risk.
I see no joke in a good motto and no professionalism in yielding to others' opinions.
Agrik
 
Posts: 268
Joined: Wed Jan 27, 2016 4:41 pm

Re: Certificate expired

Postby shubla » Wed Feb 24, 2021 8:07 am

shubla wrote:there wouldn't be much of help from them proving some sites as reliable, such as banks. Because people would have all kinds of stuff accepted on their systems
For me it looks totally opposite, they would have exactly what they agreed and approved themselves, instead of who-knows-what they have trusted now.

I wonder what you mean by proving a site as reliable, in the case when it's the viewing person who is "unreliable".

You probably know what I mean.

If the certificate is "trusted" you get the green lock and this. But if it's not, you'll get a warning that may make it difficult to enter the site, especially for a slightly computer-illiterate person.
Image
Yes, it's not foolproof. Certificates can be stolen etc., but it's very rare; you don't see it often.
And yes, the user is often the biggest problem for sure, but if we think about ways to prevent this precise method of attack, the current CA system (the general way trust works in HTTPS connections) works quite well to prevent it.
It is enough to get the user to verify that the URL is their bank's URL and that there is the green lock, and that pretty much deals with various possible attacks.

Agrik wrote:
shubla wrote:For an average user this is the best system.
Average among whom?

Among all the people? Pick a random person from the street; to him it's probably a good or best system out of all available options.

loftar wrote:
shubla wrote:You can go all philosophical about it but what would be a better system?

A more PGP-like system would be worlds better. The main technical advantage is that a key (aka certificate) can be signed by multiple other keys, and can even be signed by keys without needing to be integrated into the main key itself. Among the multiple advantages this would have are:
  • It would be simple to have and maintain alternative trust roots, an extended web of trust, or even to just trust your own key signatures, for those who actually care about security.
  • You could still have a few so-called "trusted" master keys shipping with various operating systems by default, conserving the convenience (and lack of real security) of the current system for those that prefer not being secure.
  • I could easily have LetsEncrypt or w/e sign Haven's website key without having to give up signing it with my own key that I can ship with the client.
All upsides, literally zero downsides. I'm sure I'd still complain about the protection racket of the maintainers of the master keys shipping with operating systems by default, but it would at least be possible to work around it.

Well I guess changing the underlying system to something like that would be an improvement. But that would still bring little to no gain for most people.
It's interesting why X509 can only have 1 signer; did it just happen, or is there some reasoning behind why it cannot be expanded to have multiple ones?
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Certificate expired

Postby MagicManICT » Thu Feb 25, 2021 8:09 am

shubla wrote:It's interesting why X509 can only have 1 signer; did it just happen, or is there some reasoning behind why it cannot be expanded to have multiple ones?

There's a LOT of public discussion on these security protocols, but you have to dig back into some pretty dated archives at this point. I really don't recall what sort of RFCs came out at the time on setting the whole lot up.

For what it's worth: there was a lot of legal arguing over PGP back in the early and mid 90s. The international community wanted something that wasn't going to be stomped on by US import/export laws.

I think changes like this could be done if you could get one of the major browsers to adopt it... say like Mozilla. Didn't HTTPS Everywhere start out as a Firefox thing and quickly get ported over to an available plug-in for all the major browsers? It's been a part of the TOR browser bundle forever and a day in terms of software lifetime, and is now pre-installed into Firefox.

shubla wrote:And yes, the user is often the biggest problem for sure, but if we think about ways to prevent this precise method of attack, the current CA system (the general way trust works in HTTPS connections) works quite well to prevent it.

An HTTPS connection only needs a cryptographic key pair. You don't have to have any certs for this... anything, really. It's built into the protocol. The CA system tries to go several steps farther, steps that they can't reliably ensure. As far as I see it, it makes the system less reliable as it introduces the equivalent of "social engineering" problems. These problems are on a bigger scale than just trying to bluff your way into the door or the password of the day from the receptionist. It plays into the public consciousness of what trust is and isn't, leaving those same novice computer people compromised. Much of this was discussed 25-30 years ago when these standards were being put together, but as usual, some warnings were ignored in favor of ubernerd egotism.

@loftar: isn't the core HTTPS protocol based on the PGP public key cryptography, anyway, or some version of it?
MagicManICT
 
Posts: 18437
Joined: Tue Aug 17, 2010 1:47 am

Re: Certificate expired

Postby shubla » Thu Feb 25, 2021 8:16 am

MagicManICT wrote: The CA system tries to go several steps farther, steps that they can't reliably ensure. As far as I see it, it makes the system less reliable as it introduces the equivalent of "social engineering" problems. These problems are on a bigger scale than just trying to bluff your way into the door or the password of the day from the receptionist. It plays into the public consciousness of what trust is and isn't, leaving those same novice computer people compromised.

They can ensure it reliably enough. As I said, what is the alternative? On how many occasions have, for example, netbank sites been compromised because of somebody getting hold of the CA? Now imagine if there was no such system, and you would have literally no way of knowing the authenticity of any site.
One could argue that there is not much help from an encrypted connection if you cannot be sure that the one that you are connecting to is who he says he is. Like if you want people not to know what your credentials to a certain site are, but then you don't even know if you are connecting to that site or some fraudulent hacker's site! Not much help from SSL then. So thus I would say that the CA system is a very important core part of the HTTPS connection.

Notice that it primarily protects you from somebody in the middle being unreliable. If somebody can read, he can probably also modify the data, so verifying authenticity of the host is almost equally important.
shubla
 
Posts: 13043
Joined: Sun Nov 03, 2013 11:26 am
Location: Finland

Re: Certificate expired

Postby loftar » Mon Mar 01, 2021 2:21 am

shubla wrote:It's interesting why X509 can only have 1 signer; did it just happen, or is there some reasoning behind why it cannot be expanded to have multiple ones?

It was written by the ITU, what else can you expect? The very idea of a decentralized system probably didn't even strike them.
loftar
 
Posts: 8926
Joined: Fri Apr 03, 2009 7:05 am

Re: Certificate expired

Postby Agrik » Mon Mar 29, 2021 10:04 pm

I'm sorry for not answering for a long time. Though I still don't know if I will be able to reply faster in the future.

shubla wrote:You probably know what I mean.
I'm sure I don't know, else I wouldn't be wondering. I may guess it at best, but that's not a good way for discussion, I think.

shubla wrote:If the certificate is "trusted" you get the green lock and this. But if it's not, you'll get a warning
Trusted by whom? Again, if the viewing person can't discern who is trustable and who is not, they as well can't discern whether such a middleman is outwitting them.

shubla wrote:that may make it difficult to enter the site, especially for a slightly computer-illiterate person.
That's literally opinion-based discrimination. It can avert people from quite normal sites.

shubla wrote:Yes, it's not foolproof. Certificates can be stolen etc., but it's very rare; you don't see it often.
The main point, I think, is that it's not... can't find a better word... "dictatorproof", or "authoritarianism-proof".

I literally have a "certificate error" warning on this forum, that expands to, among other phrases, "we recommend to close this page". How would a less computer-literate person know that this "recommendation" is a misleading act of discrimination by people he chose to trust?

shubla wrote:And yes, the user is often the biggest problem for sure, but if we think about ways to prevent this precise method of attack, the current CA system (the general way trust works in HTTPS connections) works quite well to prevent it.
It is enough to get the user to verify that the URL is their bank's URL and that there is the green lock, and that pretty much deals with various possible attacks.
I think the user, at most, is a problem to himself, and then no other person has a right to call him "a problem". If the user is aggressive, then the aggressiveness is a problem, not the illiteracy. And if somebody would punish you for not satisfying a user enough, it's the punisher who is a problem, not the user.

Regarding attacks, well, prevention of some kinds of threats by means of creating others... it's hard for me to call this a security.

shubla wrote:
Agrik wrote:
shubla wrote:For an average user this is the best system.
Average among whom?

Among all the people? Pick a random person from the street; to him it's probably a good or best system out of all available options.
So we return to the question why there should be only one system tailored to the averagest person. Try to apply this principle to other spheres to see its downside.

shubla wrote:But that would still bring little to no gain for most people.
Did you mean "little to no immediate, direct and totally obvious personal gain for most people"? There can be many indirect benefits even if they directly affect only a small but useful part of a society.
Agrik
 
Posts: 268
Joined: Wed Jan 27, 2016 4:41 pm
