Ian Grigg wrote:

This indeed is the crux of the weakness of the
SSL/secure browsing/CA system.  The concept
called for "all CAs are equal" which is an
assumption that is easily shown to be nonsense.
Exactly. Browsers simply require sites to have a certificate from any CA. Browswers can't even specify a list of their prefered/acceptable CA... This made it easier for SSL to roll-out, but, like you say, made certificates into commodities and almost meaningless.
The essence of any fixes in the browsers should
be to address the (rather fruitful) diversity
amongst CAs, and help the user to make choices
amongst the brands of same.

Some CAs are more equal than others... and the sooner a browser recognises this, the better.
Agreed! Except, I think that the user may also be involved in recognizing the more trustworthy CA, e.g. by including also a logo of the CA in the TCA - so I can see, `this site is IBM (since I see their logo) and this was validated by Verisign and/or the USPTO (since I see their `logo certified by` logo(s)).

These bodies could issue logo certificates.

These certificates would only have value if there is extensive verification. We probably lack the technology to do that cheaply right now, and the necessary level of international cooperation.
I'm not sure I agree here. I think that many logos (e.g. of international companies) are already well protected by the existing network of trade mark offices. As to smaller companies, they would be protected by the logo but also by including icons/seals of credentials in the Trusted Credentials Area. E.g., getting back to your example, a site such as Perry's, which contain professional crypto information, should be able to get a credential from organizations such as IACR or ACM or Financial Cryptography or... and I guess these places would not give a credential (certainly not to the same logo) for a resturant.

So, the site logo becomes more meaningful when accompanied by the Logo Certifying Authority logo, and/or by appropriate credentials.

I'm not sure I understand how logo certs would work, as there is still the possibility of same being issued by CA-Nigeria and having remarkable similarity to those issued by USPTO.
Let's not pick on Nigeria, but I get your point; but why should you set your browser to trust logo certificates from an LCA you don't trust?? The site can obtain multiple logo certificates if it wants its logo to be internentionally trusted.

Until the CA is surfaced and thrust at the face of the user, each browser's 100 or so root CAs will be a fundamental weakness. Including of course the absence of CA, which is something that is nicely hidden from the user.
Agreed. We already planned to have the LCA's logo in the TCA but I'll modify the paper (and code) to make this more clear and visible. Thanks!

BTW, notice that by default, and considering there is no CA certifying logos yet afaik, you simply have to validate the (regular) certificate on the first time you get a public key from the server...
Best regards,

Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography & security)
fn:Amir  Herzberg
org:Bar Ilan University;Computer Science
adr:;;;Ramat Gan ;;52900;Israel
email;internet:[EMAIL PROTECTED]
title:Associate Professor

Reply via email to