i wonder if I could configure my browser to accept self-signed certificates?

Would have to be with a very noticable warning. Other than that, it could use TOFU like Gemini.

Show thread

@Hyolobrika
It almost works like that already.
When you open a page on a server with self-signed cert, it gives you a warning, if you accept it, it adds an exception for that cert — you can see the list in preferences under Privacy & Security → Certificates → View certificates → Servers

@Hyolobrika
It also keeps the fingerprints so if you get a different cert on a later visit, it will give you a warning again.
To simplify adding an exception on the first visit you might want to consider this: kb.mozillazine.org/Browser.xul

@m0xee More websites in the software freedom focussed nerdosphere should use self-signed certs and rely on TOFU like Gemini does.

You don't need permission from a certificate authority then, much more independent.

@Hyolobrika @Hyolobrika
Self-signed certs do not provide the capability to revoke them. Imagine that a malicious actor isn't just spoofing the site you trust with their own self-signed cert, but that the private key got compromised. With self-signed certs you have no way of telling users that the already trusted certificate is no longer valid, such a capability implies some sort of infrastructure and infrastructure implies hierarchy as someone has to operate it🤷

Doesn't PGP do that with revocation certificates?
Why can't TLS do the same thing?
@Hyolobrika @m0xee PGP revocation requires that you search the same keyservers for the revocation that they published it to. If they didn't publish it where you'll find it you're screwed.

But yeah theoretically you could have a private CRL server if we could get OSes and browsers to let us configure it

@feld @Hyolobrika
Another problem with HTTPS and self-signed certs is that while Firefox was created in the days when self-signed certificates weren't considered bad. However, relying on centralised authorities became a tradition since, so newer software might be designed differently, e.g. rustls which has become the dominant Rust crate for TLS stuff, doesn't allow handling TOFU and self-signed certs cleanly: github.com/rustls/rustls/issue for them it's "dangerous_configuration" 😩

@m0xee @feld I'm not a Rust programmer (or any sort of programmer at all really), but that doesn't look too bad to me. You just have to tell it explicitly "I want to do this dangerous thing". Isn't that the Rust ethos?
Follow

@Hyolobrika @feld
Just noticed this reply, sorry. No, it's not just about stating the intent clearly, it's more of a build flag — you have to build this crate with support for handling such cases, by default this code just gets excluded, and as this isn't a default feature, I suppose it doesn't get tested as thoroughly, it might take time for the devs to notice that something is broken in that code. Which IMO is a quite different approach.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml