"Taking money by force from people who earn it honestly and transfering it to those who claim to need it IS socialism."
If that is the case, then the only form of government that has ever existed is a socialist government. That makes the term "socialist" an effectively meaningless one, since it can't be used to draw distinctions.
Which is pretty close to the truth of how the word is used nowadays, now that I think of it -- an effectively meaningless insult that is thrown at anything the person using the term doesn't like.
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: SSL is *not* just confidentiality
The question isn't if your OS CD has been compromised. Fraudulent keys can be, and have been, distributed in these databases without the OS makers knowing that they were fraudulent (since they pass the chain of trust test).
"A deeper question is how do you even trust your hardware not to spy on you."
I don't, personally, just as I don't consider having a key signed by a CA Authority to be "trusted". I am admittedly a huge nerd, but I watch all the outgoing traffic from my network specifically to catch that sort of thing.
This fold back into the point you're making, and you're quite correct: huge nerds can regularly vet keys for an increased level of confidence (it will still not be 100%, but what is?) The bigger security problem is with people who don't know how, or don't want to bother, to do these things.
The government has taken the stance that websites operating outside the US and doing business with US citizens are subject to US laws. If that continues to hold water, then we have to change your statement to "Unless you live in New York City, or a state with 'revenge porn laws', or you tweet to someone who lives in such a state..."
I fully understand the point. I'm just saying that this isn't a problem cryptography can address. Cryptography can only confirm who you're talking with, that what you're getting is actually what they sent, and that nobody can listen in. That's it.
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: SSL is *not* just confidentiality
"Well, I think part of the point is that the public keys are publicly available."
Yes, that's not the issue at all. The issue is "how do you know the public key you have is really from who you think it's from." This question is answered in one of two ways -- you've personally confirmed it in a secure fashion (making it a "trusted key", or someone else you trust confirms it and indicates so by signing it with their trusted key.
The "trust chain" is the chain of these signatures -- untrusted key A can become trusted because it was signed by key B, which was signed by key C, which was signed by key D (and so on). If you trust key D, then you're good and can consider key A trusted.
There's a few problems with this, but the problem I arises with people obtaining key D (the root CA) in an untrusted way -- such as being included in a default database that gets shipped with an OS or piece of software. This is what allows MITM attacks to happen. If key D is fraudulent, then you'll mistakenly trust all the keys signed by it, allowing the frauds to generate trusted keys that misrepresent themselves (as, say, belonging to your bank).
"can look at the root certificate on my computer and, say, visit the website on another computer in a different location and compare. If they don't match I can notice the difference and investigate."
You technically can. But do you? I'll bet not, as that would mean checking literally hundreds of keys on a regular basis.
"The certificate authority can also go online and check that various different locations and ISP's are giving the correct keys when they are looked up and take action if not."
They could, but none do, nor are they likely to start.
Re: Re: Re: Re: Re: Re: Re: Trust is a another issue
True. Although you can avoid this by using other flavors of Android which do allow you to revoke individual permissions in a fine-grained way (this is what I do). The mainstream flavor of Android will be gaining this ability very soon, too.
"you must acknowledge that your opinion is impotent."
...and therefore what? What is the point of saying this? It sounds like your implying that since his opinion is impotent, he shouldn't bother expressing it.
That's the sort of thinking that allows tyranny to persist. A single opinion from someone who does not wield power may be impotent. However, in expressing that opinion, others who shre it may join in the chorus. The chorus may saw greater opinion. Eventually, those who wield power must yield to that opinion. It's happened throughout history and is, in fact, the only reason why some great injustices have been corrected.
In the end, his opinion could be very potent indeed. Perhaps this is what you are wishing to prevent?
Re: Re: Re: Re: Re: Re: Re: Trust is a another issue
Yes, I agree. I'm not actually saying that the police won't abuse the permissions. I personally wouldn't touch it with a ten foot pole. I'm merely saying that the permissions being requested aren't evidence of intent.
If you click the report button a second time, it takes back your vote. I think I read somewhere, though, that once a comment has received enough votes to be hidden, undoing votes won't make it unhidden again. But I'm not sure.
The idea is to ensure that you know who you are communicating with and that the communications are not decipherable by others. No cryptographic scheme can ensure that the entity you're communicating with is a good one who won't, for example, send malware your way.
Re: Re: Re: Re: Re: Re: Re: Re: SSL is *not* just confidentiality
That preinstalled database of site certificates actually breaks the trust chain as prescribed by good public key crytptographic principles. That was an intentional tradeoff between convenience and security, so it's no wonder that it opens an avenue for a MITM attack.
Technically, the way it's supposed to work is that you obtain the initial root CA in a secure manner. This means that you should get those certificates in person from the source and that you have personally confirmed that the person handing you the cert is, in fact, who they say they are.
Obviously, this presents some logistical problems when you want to do things on a large scale. This is an incredibly difficult problem, and is the primary weakness of public key cryptography. Nobody has really come up with a better way yet.
Every crypto scheme has this problem of secure key exchange. Public key cryptography is much better at minimizing the problem than any other scheme to date. But it's imperfect.