Why is Google allowed to verify itself?

(((Because))).

Why do you ask? Don't you trust them?
Careful there, you'll trigger the thought police.

the whole cert thing is a fucking racket. It doesn't mean anything.

FYI, we all should have our own private PKIs set up with a single offline system being the upper two tiers of CAs (the first level root, and a few role semi-specific subordinate second level ones). The next (third) layer of CAs are subordinate ones that are very role-specific (IPSec client key CA, HTTP server client key CA, OpenVPN keys CA, SSH key CA, Windows Server Enterprise CAs for use in Active Directory and EFS, etc). The first two offline layers can all be on a single machine with multiple CA certs in that arrangement logically. It's best to break up the online subordinate CAs into various virtual machines or instances rather than have it all on one logical system (for security reasons).

Then we can implement cross-certification authority trusts and begin replacing the infrastructure. Sure, X.509 is complex, but it shouldn't be thrown out in favor of some Tox-tier (((solution))).
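
The three-tier layout from the post above, sketched as OpenSSL X.509 v3 extension sections. This is an added example, not something posted in the thread; the section names are hypothetical and would be selected with `openssl ca -extensions <section>`.

```ini
# Added example: extension profiles for a three-tier private PKI.
# Section names are hypothetical; only the extension keys and values are OpenSSL's own.

# Tier 1: offline, self-signed root. Signs only the tier-2 CA certificates.
[ v3_root_ca ]
basicConstraints       = critical, CA:TRUE
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash

# Tier 2: offline intermediate, signed by the root.
# pathlen:1 permits exactly one further CA level below it (the issuing CAs).
[ v3_tier2_ca ]
basicConstraints       = critical, CA:TRUE, pathlen:1
keyUsage               = critical, keyCertSign, cRLSign
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always

# Tier 3: online, role-specific issuing CA for HTTPS server certificates.
# pathlen:0 means it can sign end-entity certificates but no further CAs,
# so a compromise of this online key cannot mint new sub-CAs.
# extendedKeyUsage on a CA certificate is treated as an issuance constraint
# by some validators (for example Windows and NSS); RFC 5280 does not require it.
[ v3_issuing_ca_https ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
extendedKeyUsage       = serverAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always

# Tier 3: a separate online issuing CA for VPN client certificates,
# kept on its own VM or instance as the post recommends.
[ v3_issuing_ca_vpn_client ]
basicConstraints       = critical, CA:TRUE, pathlen:0
keyUsage               = critical, keyCertSign, cRLSign
extendedKeyUsage       = clientAuth
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid:always
```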

the real solution is namecoin

...

no idiot

X.509 is a stupid fucking toy academic idea with no merit whatsoever. the only solution to "le ebin naming problem" is petnames.
petnames are 100000000x easier to implement (that's probably not even an exaggeration), and are actually secure. X.509 by definition cannot be secure.

namecoin is a meme, but it's still much preferable to DNS/X.509

HAHAHA

He who owns the fiber makes the verifications.

It shouldn't but, you know, Google is evil. So stop using it.

Why is Symantec?

As it should. How it got so bad with the verifications is beyond me.
Just let everyone verify themselves. HTTPS is just to ensure the connection between the client and the server is encrypted end-to-end, not to verify who the owner is. If anything, the trustworthiness of a website should be a different thing.

...

Security is just a matter of "who do you trust?"
If you don't trust unknown entity X why do you think trusting unknown entity Y is any better? Why not trust as few unknown entities as possible and trust yourself instead? Set up your own mailserver, vpn, certificate authority, isp, keys, security, file encryption. Any time you interact with other people there's a certain level of risk. But you can at least minimize the risk to an acceptable level.
A lot of you guys are just like "gib me dats" niggers you're always complaining about. "Nobody's doing everything for me for free and it's so unfair." "I abused his free service like an asshole and he told me to get the fuck out. That's unconstitutional!"
Stupid faggots.

Samefag

How suspicious. Can't talk about suspicious fraudulent "I am a trusted source. Source: me" shit on Holla Forums, that's not linux or stallman worship, that's actual technology, shut it down.

Certificates have the added benefit to prevent MitM attacks though

What's suspicious about this in a post-CT world? Why are you silent on the CNNIC issue? Who are (((you))) shilling for, concern troll?

The ONLY problem with HTTPS certificates is the browsers.
Browsers should display the same indication for self-signed and domain validated certificates, and display a different indication for certificates they actually verified.

I remember when there were yellow and green url bars on https pages. But today when normies still get green "safe" bars for mitm cloudflare certs, the only hope is that /g/'s new browser will get it right.


Not for normies, not with the current browser UI implementation: see CloudFlare.


No. And please stop promoting any type of technology or cryptocurrency which is vulnerable to 51% attack.
The real solution is something much easier and already available: use IP addresses with self-signed certificates, or .onion addresses.


This statement is only valid for domain validated and self-signed certificates.


Let's Encrypt (and most automated Domain Validation certs) doesn't verify the owner. They verify the IP address where the domain pointed at the time of verification.


Ignore this retard poster.

name a single problem with petname systems
protip: you can't

Especially for normies.
Request an HTTPS site with an "Invalid" certificate and your browser won't let you enter the website until you add it as an exception.
You mean when CloudFlare redirects you before accessing a website?
That doesn't require any user interactivity like an invalid certificate does.

He's not illiterate, he just has a usecase that requires that every single TLS stack in the universe support the Favorite Drink field in his SSL cert (OID 0.9.2342.19200300.100.1.5).

Why can't you trust the government OP?

Some problems:
- "Verified" is basically meaningless to most people. Doubly so when roots of trust go bad (Comodo, any number of defunct CAs whose assets end up god-only-knows where)
- If a self-signed cert is assumed good then that's all you need to do to get rid of cert warnings for a compromised site. Or more perversely, using plain HTTP.
- SSH-style continuity could address this but interacts poorly with sites that roll over keys periodically (like Google, I'm always getting that when trying to access my Gmail in claws-mail).

He's talking about Cloudflare acting as a MitM between you and the website you are trying to access. i.e.
(You) <-> CuckFlare <-> The website

Why not? You're using their dns after all.

Are you questioning the great overlord? Wow prepare to be taken off to the reeducation camps, you filthy heretic

If you're implying this thread is being "slid" because of some online group conspiracy then kindly kill yourself

Interesting

That doesn't undermine certificates' MitM security though. CloudFlare couldn't have set that up by themselves, that's something the website owner does.
The 8ch.net domain, for example, redirects to CloudFlare's IP so that Holla Forums's IP remains hidden.