top | item 6724445

(no title)

johndoeee | 12 years ago

The first proposal doesn't require you to buy a certificate, see: http://tools.ietf.org/html/draft-nottingham-http2-encryption...

With that http will be encrypted with no certificate check and https will still have the good 'ol check.

discuss

noir_lord|12 years ago

The irony is that in that situation http with ssl and a randomly generated cert will be more secure than HTTPS which uses the CA's Cert, hell I'd like the HTTPS to use the CA's cert for identity but use a self-signed cert for actual data transfers.

CA's are a single point of failure for security.

Sae5waip|12 years ago

Don't worry, you just don't understand how TLS works :-)

The CA never gets the private key. Instead they get a certificate signing request (CSR), which only contains the public key part. They sign that.

Oh, and then there is perfect forward secrecy, which basically means that even the servers private key is not the one used to encrypt the actual data (after the initial handshaking, and only for suitable cipher suites, subject to downgrade attacks).

Disclaimer: at least, thats how its properly done. Some CAs offer a "send us your cert and we'll sign it", and dumb people who shouldn't be admins use it because it's (slightly) easier to use.

But you got the conclusion right, the notion of CAs is problematic.