I'm actually happy they going forward because part of HTML5's appeal is that it is multi-vendor and is not solely controlled by a corporation like Google or Apple. There's also the canvas, WebGL, WebSocket, tons of new CSS features.įirefox can either choose to keep up with new features or lose 90% of its share to Chrome.
Sound and video input is just the tip of it. This, however, requires browsers to do a lot more than they did before. It is extremely compelling too: you don't need to worry about deployment, supporting older versions, operating systems, etc. HTML5 and JavaScript have become the new, universal runtime that everyone is trying to use to build their applications. This is the way the world is going right now. For applications (including a few browsers) that support certificate pinning, this can also be used with self-signed certs in a trust-on-first-use basis (take a look at, for example, HTTP Public Key Pinning ). Now, if an attacker tries to substitute their *own* self-signed cert, your browser should object, or at least won't show the site as truly secured. For example, you (the user) can add *just that cert* to your trust store. Not that I would ever argue that it's better to have a self-signed cert than a CA-signed one, but it's not as *much* worse as you seem to think.īesides, there's things you can do to make a self-signed cert even more secure. Turns out that's bullshit: the typical threat to people moving valuables is from small arms (which an armored car can shrug off just fine), and the typical threat to browser privacy is from pervasive passive monitoring, which self-signed certs defeat. You're basically arguing that since an armored car can't tae a hit from the cannon of a main battle tank, there's no point in armoring them at all and it would be better for them to go unarmored so as not to lure people into a false sense of security. TLS, even using anonymous Diffie-Hellman or a self-signed certificate, is sufficient to completely defeat that kind of monitoring. However, they aren't actively intercepting that traffic, just passively recording it for later data mining. It just costs money for storage and storage bandwidth. The reason that passive attacks are so concerning right now is that it's pretty trivial for ISPs and governments to record all network traffic that they want to. That requires an *active* attack, though. Now, if they are able to use ARP spoofing or DNS hijacking or can configure the router's upstream host or something like that, then they can intercept traffic and present their own certificate, sure. In that position, the attacker cannot do a damn thing about a self-signed cert.
If somebody has to "be presenting their own" certificate, then they are NOT PASSIVE!! A passive network attacker is, for example, somebody sitting at a coffee shop with the WiFi card in promiscuous mode, watching all the traffic that gets sent over that (open) network. I can't tell if you're arguing this because you don't understand the English language, of if you're just trolling.