Christine Lemmer-Webber
So the government of Kazakhstan is MITM'ing all SSL'ed traffic https://lobste.rs/s/uqj8nq/mitm_on_all_https_traffic_kazakhstan#c_0boxyk
The way they are doing this is by adding a Certificate Authority (CA) that allows them to snoop all traffic.
This is, by the way, why SSL is criticized as being "only as secure as the weakest CA in your system". Here it's deliberate, but that's a problem in general.
Christine Lemmer-Webber
It would be better if the internet were modeled off of something like Tor .onion services, where you *know* you have a secure path, because the address is literally the fingerprint of the server. "But how can I make sense of which site is which?" You guessed it, petnames https://github.com/cwebber/rebooting-the-web-of-trust-spring2018/blob/petnames/draft-documents/making-dids-invisible-with-petnames.md
And, bookmarks *are* petnames, with a minor UI tweak https://www.w3.org/2005/Security/usability-ws/papers/02-hp-petname/
The DNS + SSL CA model puts users at risk. I hope we can move past it.
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.
All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.