On Mar 16, 2008, at 8:50 AM, John Levine wrote:

So at the company I work for, most of the internal systems have
expired SSL certs, or self-signed certs.  Obviously this is bad.

You only think this is bad because you believe CAs add some value.

Presumably the value they add is that they keep browsers from popping
up scary warning messages.  There are all sorts of reasonable
arguments to be made that the browsers are doing the wrong thing (and
the way that Microsoft prevents you from ever deleting any of their
preinstalled CA certs is among the wrongest.)

Yes, but.

If a browser handled unknown certificates similarly to the way SSH does -- to alert the user when it sees an unknown, unrooted certificate, and then only again when there is a mis-match, you would have an incentive to get a CA certificate (because businesses don't want their customers to see that scary message even once), while supporting ad-hoc infrastructures.

This would require only software changes, not changes in the trust models, CAs, procedures, etc.

A wicked person would suggest that this is because the present system was designed to support the business model, not the security model. I'm not a wicked person and would never suggest that.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to