multiple subkeys and key transition

MFPA expires2010 at ymail.com
Sun Dec 12 03:14:07 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 11 December 2010 at 11:49:23 PM, in
<mid:4D040E03.1020404 at fifthhorseman.net>, Daniel Kahn Gillmor wrote:


> On 12/11/2010 06:22 PM, MFPA wrote:

>> A question on the subject of SSL/TLS certificates and
>> HTTPS: often there is no user requirement to
>> "authenticate" the identity of the server, but rather
>> a simple requirement to prevent snooping; why does
>> this need a certificate?

> "prevent snooping" means "only me and the remote server
> i'm connected to have access to the communication".

> if you don't know who the remote server actually *is*,
> you cannot prevent snooping by a man-in-the-middle.

That's a fair point; it depends on the threat model. RFC 5246 says the
authentication is optional, but that completely anonymous connections
only provide protection against passive eavesdropping, and server
authentication is required where active man-in-the-middle attacks are
a concern.

But couldn't a man-in-the-middle server authenticate by presenting the
user's browser with an acceptable certificate signed by a "trusted"
CA? And is a self-signed certificate any more or any less secure in
this scenario?


- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

Was time invented by an Irishman named O'Clock?
-----BEGIN PGP SIGNATURE-----

iQCVAwUBTQQv/KipC46tDG5pAQpW0AP/bAu1BH4NQMa95FaZ89A2kB2gdE4koxmj
xhKTdTLwnW/PHLPch1vCk6YAPkZxlxAr1wrTi7Mp/9zZWJ5HDi/IZqMnEKyCB7nX
GVe/zuVzd1U2HjIK9IvTzko7UIek9YSNmKE94ejz5Bo/c/1AXZ32xgrZ0w97US6k
LdhIQd2Np+Q=
=RAF9
-----END PGP SIGNATURE-----
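
The RFC 5246 distinction cited in the message above (anonymous key exchange resists passive eavesdropping only; active man-in-the-middle attacks call for server authentication), shown as an added example that is not part of the original post or thread. It is a toy Diffie-Hellman model rather than TLS: the group parameters, the fingerprint pinning that stands in for certificate validation, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): a 127-bit Mersenne prime and
# generator 3. Real TLS uses vetted finite-field groups or elliptic curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for one Diffie-Hellman party."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive the session key from our private value and the peer's public value."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).hexdigest()

def fingerprint(pub):
    """Fingerprint of a public value; stands in for a certificate fingerprint."""
    return hashlib.sha256(str(pub).encode()).hexdigest()

def client_connect(offered_pub, pinned_fp=None):
    """Client side. pinned_fp=None models an anonymous exchange: any public
    value is accepted. With a fingerprint learned out of band, the client
    refuses a value it cannot attribute to the server.
    Returns (client_pub, key) or raises ValueError."""
    if pinned_fp is not None and fingerprint(offered_pub) != pinned_fp:
        raise ValueError("server key does not match the expected fingerprint")
    priv, pub = keypair()
    return pub, session_key(priv, offered_pub)

def run(active_party_present, authenticated):
    """Simulate one connection and report who shares the client's key."""
    s_priv, s_pub = keypair()   # genuine server
    m_priv, m_pub = keypair()   # interposed party, used in the active case only
    offered = m_pub if active_party_present else s_pub
    pin = fingerprint(s_pub) if authenticated else None
    try:
        c_pub, c_key = client_connect(offered, pin)
    except ValueError:
        return "rejected"
    if c_key == session_key(s_priv, c_pub):
        return "server"
    if c_key == session_key(m_priv, c_pub):
        return "interposed party"
    return "nobody"
```

A passive observer sees only the two public values and cannot derive the key; the anonymous client has no way to tell the substituted value from the genuine one, while the authenticated client rejects it.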




More information about the Gnupg-users mailing list