How to obtain and install an SSL/TLS certificate, for free (arstechnica.com)
69 points by abraham on Dec 21, 2009 | 28 comments


How long until Google becomes an authority and just starts handing out SSL certificates for free?

Doesn't this sound like something they would already be doing?


Would Microsoft accept a Google-signed certificate? Would Microsoft pre-install such certificates by default?


Is there some reason Microsoft would not want to accept a Google signed certificate?


Is there some reason Microsoft would want to accept a Google root certificate?


Regulatory or consumer pressure. The desire to not have the appearance of anti-competitive actions.


... are fuzzy arguments that will be torpedoed by any weak security argument Microsoft deploys against them.

Turn this over on its head. What about Mozilla accepting a Microsoft-run CA?


I really hope they would -- it'd be extremely nice for vanilla Windows Server installs to be able to provision themselves a default certificate.

Of course, Mozilla are the asshats that innovated the draconian dialog maze for self-signed certificates, and as such have made it impossible to ship appliances with HTTPS web interfaces. I hope their heads fall off.

Don't you really want WiFi access point config pages to be HTTPS-only?


I think it's great that Mozilla made it difficult to use self-signed certs. Most people don't use them correctly, and making self-signed essentially off limits to people is a great increase in security.

You should try using ettercap. It's surprisingly easy to intercept all traffic going to and from a self-signed site.


It's easy to use ettercap to mount a man-in-the-middle attack?

Self-signed certs are only vulnerable to mitm attacks, but don't most network topologies make doing that pretty hard?


No. Anyone who can see a DNS query can hijack traffic.


In my experience, Mozilla comes in for the harshest criticism from the people who understand TLS the least.


What's the argument? That Mozilla makes it too hard to use self-signed certs?


Yep.


Google will most likely be a CA on Chrome OS systems and Android systems eventually.


Off topic:

Is there any problem with buying a certificate and using the same certificate for your postfix TLS email authentication that you use for your web server authentication?

I would like to have authenticated email, to minimize the chance of my emails bouncing, and I was hoping to only purchase one certificate. I can't find anybody talking about mail server TLS email authentication on the certification websites. They only talk about web authentication and a bit about email client authentication.


Yep, you can use the same certificate for email (IMAP, POP, TLS). Only works without warnings if your clients connect to the same hostname as the certificate is for (so I usually register something other than www.domain.com for the SSL site).


Look up SPF + DKIM (aka "domain keys").


In case you are looking for an alternative free certificate authority, there is also http://CAcert.org

PS. I'm a happy CAcert certificate user ;)


Does any mainstream browser include the CACert root? Without it, you might as well just use no certificate; self-signed certs add no additional security to TLS in the HTTPS case.


At the moment, no, but CACert is working on it. Certificates issued by CACert are still more valuable than self-signed because the owner's identity has been verified and, if the user installs the CACert root once, they can all be checked against it.


Without the root cert installed, they add zero additional security, because the browser can't verify them. They might as well be self-signed.

CACert has been working on this for a long time, and the outlook does not seem positive. If they can't even get past Mozilla's audit requirements, how well do you think they'll fare with Microsoft?


I checked in with someone from CACert at 26C3. As far as he knows, the audit is moving forward and they expect to make it into both.


That's like saying that SSH host keys add no additional security. If I add the self-signed cert to my certificate store, if anyone ever tries to present me a fake one, I'll know.

Doesn't help with public sites, but does with personal administrative ones.


SSH and TLS use two totally different trust models. With SSH, you deliberately accept an insecure first connection, but then rely on key continuity so that subsequent connections won't be any less secure than the first. This happens automatically; users don't have to think about it.

TLS has no key continuity. Browsers talk to tens of thousands of different sites. TLS doesn't work unless you can verify public key signatures all the way back to a trusted root.

Yes, you can manually manage certificates, but you can just as easily add the CACert root to your certificate manager and use TLS the way it's meant to be used. Which, fine, do that. But for the other 99.999% of your users, CACert is no better than a self-signed cert.
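The key-continuity model described in the comment above, sketched as an added example (not part of the thread or any poster's code). The pin-store format, host names and certificate bytes are constructed for illustration.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes as presented by the server."""
    return hashlib.sha256(cert_der).hexdigest()

def parse_pins(text: str) -> dict:
    """Parse a known_hosts-style store: one 'host sha256:<hex>' entry per line."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, value = line.partition(" ")
        if value.startswith("sha256:"):
            pins[host.lower()] = value[len("sha256:"):]
    return pins

def check_continuity(pins: dict, host: str, cert_der: bytes) -> str:
    """Return 'first-use', 'match' or 'mismatch'; pins the key on first use."""
    host = host.lower()
    seen = fingerprint(cert_der)
    known = pins.get(host)
    if known is None:
        # Nothing to compare against: the first connection is accepted
        # unverified, as with a new SSH host key.
        pins[host] = seen
        return "first-use"
    if hmac.compare_digest(known, seen):
        return "match"
    # Never overwrite the pin here: a changed key needs a human decision.
    return "mismatch"

# Constructed stand-ins for DER-encoded certificates (not real certificates).
ADMIN_CERT = b"constructed-cert: admin.example.test, self-signed"
OTHER_CERT = b"constructed-cert: admin.example.test, different key"

def demo() -> list:
    pins = parse_pins("# constructed pin store\n")
    return [
        check_continuity(pins, "admin.example.test", ADMIN_CERT),    # first visit
        check_continuity(pins, "Admin.Example.Test", ADMIN_CERT),    # same key again
        check_continuity(pins, "admin.example.test", OTHER_CERT),    # key changed
        check_continuity(pins, "new-site.example.test", OTHER_CERT), # unseen host
    ]

if __name__ == "__main__":
    print(demo())
```

The last call shows why continuity alone does not scale to browsing: a host never seen before has no pin, so whatever certificate is presented gets accepted.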


So CACert in principle is fine, and better than a self-signed. It's just that most (Windows) people don't have the CACert root cert installed.

I think many of the Linux distributions (notably not including Red Hat) include the CACert root cert.


You use this word "better" like it means something. If all your users use Linux, you're fine. Otherwise, you need a real cert.



So: no.



