It's like the larger holy war against self-signed certificates in TLS. They are strictly better than plaintext but there is software that will prefer a plaintext connection to self-signed TLS.
Nope. An unverified TLS session still cannot be examined by a third party. You know you are communicating with exactly one party, even if you don't know who that is.
Your attacker may share the data with a third party, but that's true of verified connections too.
It is true that an unverified TLS session does prevent passive attacks, but it does not protect against "active" attacks. The general consensus is that it's not a useful property to differentiate passive from active here, since every passive attack can be upgraded to work as an active attack, on top of the fact that explaining the subtle differences to people is extremely difficult (and since they can be upgraded to active attacks, not worth it).
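Added example, not part of the thread: the passive/active distinction discussed above, modelled with a toy unauthenticated Diffie-Hellman exchange standing in for an unverified TLS handshake. The group parameters, the `Party` class, `handshake` and the fingerprint check (a stand-in for certificate verification) are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration (far too small for real use).
P = 2**127 - 1
G = 3

class Party:
    """One endpoint holding an ephemeral key pair."""
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def session_key(self, peer_pub):
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def fingerprint(pub):
    """Hash of a public value; what the client would know in advance."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def handshake(client, server, on_path=None, expected=None):
    """Run one key exchange and return (client_key, server_key, on_path_key).

    on_path:  optional Party that rewrites the public values in transit.
              A passive observer sees the same values but cannot rewrite them.
    expected: fingerprint of the server key the client insists on
              (hypothetical stand-in for validating a certificate).
    """
    seen_by_client = on_path.pub if on_path else server.pub
    seen_by_server = on_path.pub if on_path else client.pub
    if expected is not None and fingerprint(seen_by_client) != expected:
        raise ValueError("server key does not match the expected identity")
    client_key = client.session_key(seen_by_client)
    server_key = server.session_key(seen_by_server)
    on_path_key = on_path.session_key(client.pub) if on_path else None
    return client_key, server_key, on_path_key

if __name__ == "__main__":
    c, s, m = Party(), Party(), Party()
    ck, sk, _ = handshake(c, s)
    print("unverified, nobody rewriting: keys match =", ck == sk)
    ck, sk, mk = handshake(c, s, on_path=m)
    print("unverified, values rewritten: client shares key with middle =", ck == mk)
    try:
        handshake(c, s, on_path=m, expected=fingerprint(s.pub))
    except ValueError as err:
        print("verified:", err)
```
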
It's been a couple days since this thread quieted down, but I've continued to think about the logic behind the discussion. I believe the fallacy here is akin to arguing about numbers without units attached to them.
For most of the people in this thread, the units are all something like "number of times my house burns down." I guess I'd rather my house burned down once rather than twice, so to that extent your position is not irrational. But the second time is not meaningfully different; the only further loss is maybe a magazine or newspaper that the postal service delivered the day after the first fire and placed on the ashes that used to be my mailbox. It's certainly sad that I won't get to read the paper after the second fire in as many days, but I'm still mostly concerned that my house burned down.
Your units, on the other hand, are inconsistent and surprisingly ordered. Either you really enjoyed the unburned article you read, apparently enough to forget that the rest of your worldly possessions are gone (this is the "at least nobody eavesdropped on my conversation with the MITM" position), which implies that the units are large, or that avoidance of eavesdropping outweighs undetected MITM. Or else you wear an asbestos suit 24/7 because you already assumed most of the world is on fire and don't care if it engulfs your home (this is the part about how you believe HN could someday serve malicious JS, so that origin authenticity wasn't a big deal in the first place), which suggests that the units were small.
Your values are your own, and only you can decide to change them. But the discussion might have been shorter and smoother if you'd acknowledged that others have been using a single, consistent unit called "catastrophes," and that the only numbers we care about are zero and any.
Good analogy. I stopped responding after I understood some easily avoidable risks were totally acceptable to bandrami. That's not how my risk model works, especially when it's usually very easy to not accept such risks at all and the alternative would be a potential disaster.
I personally like to have my life/work set up so that I know what catastrophes _can't_ happen (the probabilities can be compared to the effort required to boil oceans or waiting until the heat death of the universe).
Again, not "totally acceptable", but better to be limited to a single attack channel than multiple ones. You're just being willfully obtuse to ignore that.
+1. High-school curriculums should include something like applied Bayesian reasoning. Understanding dependent probabilities is an underappreciated superpower.
What I learned from this thread is that a lot of y'all seem to trust counterparties a lot more than you should just because one of the 172 CAs in your OS's chain will claim they are who they say they are. Remember that those 172 CAs include the Chinese and Turkish governments.
"Private chat with the devil" is not a useful security model for most web sessions, and it's certainly not suitable for codesigning. Authenticity is the property we're aiming for; if it was just integrity, we'd do nothing at all other than provide digests.
> "Private chat with the devil" is the perfect security model for most web sessions. I trust very few websites I visit in any real sense.
I'm sorry, but this is either incorrect or a gross misunderstanding of your own threat model.
Most people treat their online self as an extension of their physical self: that means banking information, private personal details, intimate communications, and everything else that's normally private by virtue of physical ownership needs to go through an authenticated channel.
You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.
> You might not care that someone can't MITM your Wikipedia traffic, but you almost certainly care that someone can't MITM your tax returns or your medical records.
So presumably, you'd demand a cert from a trustworthy authority in those cases. But you still don't want your ISP to be able to inject ads into the recipe blog you're reading.
And I definitely want 3rd party verification for my tax preparation website.
But I don't trust news.ycombinator.com any more than I trust somebody pretending to be news.ycombinator.com; validating that cert does nothing useful for me.
> But I don't trust news.ycombinator.com any more than I trust somebody pretending to be news.ycombinator.com; validating that cert does nothing useful for me.
Yes, you absolutely do. You don't expect news.ycombinator.com to serve you malicious JavaScript, or to redirect you to porn, or to do anything other than serve churlish content from the Internet commentariat.