Ian Grigg wrote:

This indeed is the crux of the weakness of the
SSL/secure browsing/CA system.  The concept
called for "all CAs are equal" which is an
assumption that is easily shown to be nonsense.
Exactly. Browsers simply require sites to have a certificate from any CA. Browsers can't even specify a list of their preferred/acceptable CA... This made it easier for SSL to roll-out, but, like you say, made certificates into commodities and almost meaningless.
<skip>
The essence of any fixes in the browsers should
be to address the (rather fruitful) diversity
amongst CAs, and help the user to make choices
amongst the brands of same.
Agreed!

Some CAs are more equal than others... and the sooner a browser recognises this, the better.
Agreed! Except, I think that the user may also be involved in recognizing the more trustworthy CA, e.g. by including also a logo of the CA in the TCA - so I can see, "this site is IBM (since I see their logo) and this was validated by Verisign and/or the USPTO (since I see their 'logo certified by' logo(s))".

These bodies could issue logo certificates.
Exactly!

These certificates would only have value if there is extensive verification. We probably lack the technology to do that cheaply right now, and the necessary level of international cooperation.
I'm not sure I agree here. I think that many logos (e.g. of international companies) are already well protected by the existing network of trade mark offices. As to smaller companies, they would be protected by the logo but also by including icons/seals of credentials in the Trusted Credentials Area. E.g., getting back to your example, a site such as Perry's, which contains professional crypto information, should be able to get a credential from organizations such as IACR or ACM or Financial Cryptography or... and I guess these places would not give a credential (certainly not to the same logo) for a restaurant.

So, the site logo becomes more meaningful when accompanied by the Logo Certifying Authority logo, and/or by appropriate credentials.

I'm not sure I understand how logo certs would work, as there is still the possibility of same being issued by CA-Nigeria and having remarkable similarity to those issued by USPTO.
Let's not pick on Nigeria, but I get your point; but why should you set your browser to trust logo certificates from an LCA you don't trust?? The site can obtain multiple logo certificates if it wants its logo to be internationally trusted.

Until the CA is surfaced and thrust at the face of the user, each browser's 100 or so root CAs will be a fundamental weakness. Including of course the absence of CA, which is something that is nicely hidden from the user.
Agreed. We already planned to have the LCA's logo in the TCA but I'll modify the paper (and code) to make this more clear and visible. Thanks!

BTW, notice that by default, and considering there is no CA certifying logos yet afaik, you simply have to validate the (regular) certificate on the first time you get a public key from the server...
--
Best regards,


Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & security)