
In our company we currently have a disagreement about imperfect security.

Our current main project is an embedded device with a web server running on it. One of our customers wants HTTPS for that web server, but because of the setup and the use case, there is no way to run it using anything but self-signed certificates, which is a security problem, because they can easily be circumvented using a man-in-the-middle attack.

So the current discussion is about whether that is a security gain. One side says it is better to have imperfect security than no security (e.g. a fence without barbed wire on top at least keeps the dogs from pooping on the lawn), while the other side says imperfect security would only lead to a false sense of security (e.g. if I know my front door has no lock, I would adjust to that and better hide my stuff).

Which side is right? Is it better to have imperfect security or no security at all?

Edit: This question is not meant only for HTTPS/TLS; that's only an example, since we had this discussion about a few other things as well. I am asking about the basic concept behind the whole thing. Another way to put the question would be "Do the dangers of a false sense of security outweigh the benefits of imperfect security?"

Dakkaron
  • certificate pinning...? – Richie Frame Mar 03 '16 at 11:37
  • I'd say it's better to have bad security than no security. The point of the "no security side" depends on the users. Is everyone accessing or interacting with your webserver well aware that this is "only" [TOFU](https://en.wikipedia.org/wiki/Trust_on_first_use) encryption? (you *do* use something like HPKP, right?) – SEJPM Mar 03 '16 at 11:41
  • Your customer asked for HTTPS so give them HTTPS! This will be better than nothing. And you may also provide them the public key for the certificate or root certificate so that their user can validate the connection and avoid the man-in-the-middle problem if they really want to be safe. – borjab Mar 03 '16 at 11:43
  • Ah, the age-old discussion whether some limited security is better than none, the one we had before with soft-fail certificate revocation checking and most recently with opportunistic security in HTTP/2. In general there is no simple answer. I guess any reasonable position is in the middle between the camps. – phk Mar 03 '16 at 12:05
  • This is lame... @Adi edited my question so that it was a duplicate and then marked it as duplicate, even though the question itself is only remotely similar to the one flagged as duplicate. – Dakkaron Mar 04 '16 at 11:54
  • @Dakkaron Your original question wasn't acceptable in the first place. I would have voted to close it as "Too broad" anyway. – Adi Mar 04 '16 at 12:18
