why is google allowed to verify itself
Why is google allowed to verify itself
Joshua Garcia
Other urls found in this thread:
twitter.com
twitter.com
Luke Turner
probably because google trusts itself
David Brooks
can't anyone do this?
Joshua Long
i dont
Kevin Lewis
Dominic Adams
dont trust anyone
not even yourself
Josiah Bailey
google is considered a trusted certificate authority by your browser/os
i don't see the potential issue here. in what way do you think the purpose of the certificate is impaired?
Alexander Cook
what this guy said
The problem with identification is getting the certification to the client. Since we obviously can't supply a program with self-signed certs for every possible server, we use 3rd-party servers.
In other words, there's nothing wrong with self-signed certs, only with making sure they are who they say they are. SSH basically works with self-signed certs all the time.
Jayden Hill
lost
Lincoln Walker
That's because if you trust Google you trust Google
Robert Bennett
>SSH basically works with self-signed certs all the time.
Samefag here, I do know there are options like SSHFP records but they are not very widely used
Charles Baker
Google is a certificate authority. So whatever claim about identity of a website they make, your system believes it. It doesn't make a difference If google authority or some other authority claims that google.com is indeed owned by google company.
Sebastian Brown
another samefag, the problem is of course to get the authority certificate to the browser. this is managed by the browser or operating system. updates often add or remove authorities.
on windows you can run certmgr.msc to see the certificate authorities.
Christian Richardson
You don't have to.
Grayson Foster
That's not what it says. It doesn't say this browser trusts this website. It says google.com is trusted by google trust. It's entirely absurd. Don't try to rationalize how fucked up certs are.
Jaxon White
>It says google.com is trusted by google trust.
You're confused. If Google is a trusted CA by your browser, it doesn't make sense to require google's sites to be "trusted" (aka: certified) by someone else' CA. There's a short circuit in your reasoning but probably you can't see it since you're a brainlet.
Dylan Barnes
Certs are all about centralized authentication. You personally get to choose which CA you care for.
Jack Cruz
>It says google.com is trusted by google trust. It's entirely absurd
Its not absurd at all. The question is if you system trusts the claims google trust makes or not. What difference would it make if another authority, e.g. Symantec, would guarantee the identity of google.com?
Eli Rogers
>make my malware botnet
>release it on github
>make my malware website
>make it the homepage of my malware bot
>"Malware botnet certifies that malware homepage is safe"
Do you see how stupid that if you apply it to normal people and not Google.
Brayden Torres
wouldnt work.
David Morales
you would get one of these messages
Adrian Sanchez
normal people are not google and thus they are not CAs trusted by browser vendors, your reasoning is invalid.
William Jenkins
>if there's https on a page, then the content of the page is "safe"
>https = no virus
you're not that ignorant, are you?
Cooper Rogers
The DoD has the same thing.
DoD is a CA, so they can verify their own sites.
Kayden Nguyen
it seems you don't understand what certs actually certify.
strictly speaking, one could use Let's Encrypt and certify whatever they want (without being a CA themselves, but being a CA doesn't mean jack shit)
Isaac Powell
>twitter.com
jesus fucking christ.
Brayden Gonzalez
Lmao, nice