(Peter Gutmann) on Thursday, May 7, 2009 wrote:

>>If SSL/TLS had as part of its handshake, a list of CAs that are acceptable to
>>the client, I could configure my browser with only high-reputation CAs.
>Uhh, how is that meant to work?

The client hello message would include the list of acceptable CAs. The
server could use that list to select an acceptable certificate to return to
the client. In the rare cases where there is a client certificate, the
server hello could include a similar list and the client could use it to
select an acceptable certificate. If the lists aren't included in the hello
messages, the behavior is the same as the current versions of SSL/TLS.

>In any case even if it did, every time you went to a site using a cert vending
>machine not on your list the browser wouldn't let you connect (or at least not
>without serious amounts of messing around, which means that eventually you'd
>add it to your list just to get rid of the nuisance).

Yes, I know I'm way out in left field, but I just might not go to a web
site if I cared about security with my transaction and the site didn't use
a reasonable CA. There are many alternatives both with competitor
organizations, and competitive communication techniques. For example, if I
didn't like the CA my bank used, I could either change banks or do my
banking by phone or in person at a local branch.

I have avoided many sites that want user names and passwords, or want me to
turn on Javascript. The popularity of the noscript plugin for Firefox means
that perhaps I'm not the only one "out in left field".

Cheers - Bill

Bill Frantz        | gets() remains as a monument | Periwinkle
(408)356-8506      | to C's continuing support of | 16345 Englewood Ave | buffer overruns.             | Los Gatos, CA 95032

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to