Comment #26 on issue 2010 by [email protected]: Feature: An option to disable the 'Expired Certificate" warning for a specific site
http://code.google.com/p/chromium/issues/detail?id=2010

No matter what we do, users will always click through these messages, because 90+% of the time, that's exactly the right thing to do. And they have been conditioned to just ignore these messages. Either we accept this fact, and in that case, we might as well make it even easier to click through. Or we look at the root problem in the SSL protocol that is causing this issue and see if we cannot make Chrome be a little smarter about certificate problems than browsers traditionally have been.

SSL is a centralized public key system, which suffers from all the problems that centralized systems have. For some users, it is just not possible to get a validly signed certificate, whereas for some attackers the lax controls of the CAs mean that they can still carry out their attacks -- and realistically, having a signed certificate doesn't mean anything more than the fact that at some point in time, the system administrator had access to $10.

We try to do something about the problem of certificates not really meaning much (e.g. checking against known malware sites, supporting SSL extended validation, ...). And while this is limited in scope, it does help somewhat. But we don't address the problem of legitimate sites not having valid certificates. And as this bug's comments show, there are still various perfectly good reasons why some sites just cannot get signed certificates. Besides, we shouldn't penalize the users who couldn't do anything about this, even if they wanted to.

Historically, any attempts at properly distributed private key infrastructures, or at implementing proper opportunistic encryption have failed for political reasons. That doesn't mean Chrome couldn't do better.

When we see an invalid certificate, we should check if we have ever seen a certificate for this particular site before. If so, and the two certificates are different, there is a good chance something is wrong. And we should warn the user in no uncertain terms and make it very difficult to accept the new certificate.

On the other hand, if we repeatedly see the same certificate, there is a very good chance this is a valid certificate; it just didn't get signed by a recognized CA. This will be the majority of cases where we currently show interstitials, which we couldn't then tone down.

This still leaves us with a problem when the user visits the site for the very first time. At that point, we have never seen any certificates for the site, and we cannot tell whether to show the big scary warning, or just show a minor notice that something isn't quite right, but probably benign. Ideally, we'd find a way to use Google's crawling infrastructure or some other distributed service to collect information about historic certificate use, and use this as a data point when determining the likelihood of a genuine attack versus a misconfigured system.

The guiding principle should be that we only show the big scary warning if there is a high likelihood that something is really wrong. And slowly we'd train users that if Chrome shows a warning, they'd better take it seriously.
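
The certificate-continuity check proposed in the comment above, as an added example (not part of the original comment and not Chrome code). The class, method and verdict names are hypothetical, constructed byte strings stand in for DER certificates, and it assumes a certificate is remembered only after the user explicitly chooses to proceed.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    OK = "chain validated by a recognized CA"
    FIRST_VISIT = "invalid chain, no certificate on record for this host"
    MINOR_NOTICE = "invalid chain, same certificate as on earlier visits"
    SEVERE_WARNING = "invalid chain and the certificate has changed"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class CertHistory:
    """Hypothetical per-host record of the last certificate the user accepted."""

    def __init__(self):
        self._seen = {}  # lower-cased host -> fingerprint

    def evaluate(self, host: str, cert_der: bytes, chain_valid: bool) -> Verdict:
        # Read-only: a changed certificate must never replace the record by
        # merely being presented, or one interception would erase the evidence.
        if chain_valid:
            return Verdict.OK
        known = self._seen.get(host.lower())
        if known is None:
            return Verdict.FIRST_VISIT
        if known == fingerprint(cert_der):
            return Verdict.MINOR_NOTICE
        return Verdict.SEVERE_WARNING

    def accept(self, host: str, cert_der: bytes) -> None:
        """Call only after the user has chosen to proceed with this certificate."""
        self._seen[host.lower()] = fingerprint(cert_der)


def demo():
    cert_a = b"constructed-self-signed-cert-A"  # constructed sample, not real DER
    cert_b = b"constructed-unknown-cert-B"      # constructed sample, not real DER
    history = CertHistory()
    verdicts = [history.evaluate("intranet.example", cert_a, False)]
    history.accept("intranet.example", cert_a)
    verdicts.append(history.evaluate("Intranet.Example", cert_a, False))
    verdicts.append(history.evaluate("intranet.example", cert_b, False))
    # cert_b was never accepted, so the original certificate is still the record.
    verdicts.append(history.evaluate("intranet.example", cert_a, False))
    return verdicts
```

How `FIRST_VISIT` is presented is left to the caller, since the comment leaves that case open.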
