Sure does, that's what a certificate does: Hey! You're on www.somewebsite.com
and the data is crypted.
The question is that, imagine somewebsite is meant to be at 220.127.116.11 and someone else spoofed DNS for it to resolve to 18.104.22.168, then your browser will believe it is at www.somewebsite.com
- even if it's phishing.
How would the attacker get hold of a valid certificate that claims it's for www.somewebsite.com
without actually controlling said domain?
And for free certificates, they might include the security they want, but no browser recognizes their root CA's, so it makes them as worthable (and will raise the very same alerts) a self-signed certificate.
Not necessarily. StartCom, for example, is recognized as a valid CA by almost anyone (Opera being the exception). CACert ist also included in popular Linux distributions (e.g. Debian).
DNSSEC is yet another piece of junk. That probably would never come to be nothing but a project. Issues of practical life, negociating crypt algorithms reduces performance and DNS is a really heavy duty service. So, if someone tries to implement DNSSEC as a standard, internet would probably become as slow as Tor is.
Ehm. DNSSEC _is_ a standard, and the root servers and many TLDs are already using it, although it will only become fully functional later this year. It's true that it is not as efficient as it could be (and was rightly criticized thus by people like Daniel J. Bernstein), but with .com, .net and .org adopting it within the next year or two, I'd pretty much say it's a done deal.
And if someone doesn't want the one he's paying to to know his address, probably the person that's receiving the payment doesn't want to show his address either. Therefore they simply DON'T use DCC Pay, but P2P Pay. Easy... as long as both options are there.
Well, I was working with the premise of IP payment, because that's what you brought up in the snippet I replied to with that paragraph. Of course you can just use a Bitcoin address (unless the payee wants you to pay DCC-style...)
I'm up to choices not to paranoia. Paranoia in security isn't of any value add, paranoia is just that... paranoia. Reduces life quality, grants nothing and prevents people from live.
Yes, someone may steal your data, as someone may steal your wallet on the bus with the very same outcome. There're some security elementals, but you can't keep looking over your shoulder (specially because you probably will miss to see the electrical post in front of you).
The thing with security is that you have to be aware of what _could_ happen. I don't walk around with 1000$ in my wallet, precisely because it could be stolen, for example. If Bitcoin becomes an accepted currency, attacks *will* happen -- just think of all the phishing that's going on with Paypal and normal banks. If there's a way, it will be exploited by criminals.