Owen Taylor wrote: >>> (And note that Stef's proposal doesn't just greenlight a connection to >>> https://bugs.freedesktop.org, it greenlights a https connection to a >>> DNS-spoofed https://mybank.com.) >> Neither bugs.freedesktop.org or a DNS spoofed https site would be >> 'greenlighted' under my proposal. Just the opposite. It would be treated >> just like the untrusted connection that it is. > > If I have a bookmark (or link) to https://mybank.com and I go there, and > I see my banking site, and even the correct https URL in my browser > line, and the only indication that something went wrong is that the > I don't get a lock icon, that's not greenlighting? > > You can't expect people to be warned by the *absence* of something.
True. It makes sense in the bookmark case. In other cases, if the scammer used or redirected to a normal http non-SSL connection, then then the only warning would be the absence of the lock icon and the 's' in the URL. > (Sure, ssh-style checking against history would help, in certain > cases, but you are still losing much of the strength of https.) I'm not sure I understand. Let's say some history checking of certifates -> domains was implemented, how that would cause a loss of strength in https? Obviously you've thought about these issues thoroughly, so I'm interested. >> A TCP connection is basically untrusted. And an SSL connection to >> someone we can't verify is the same from a trust perspective. >> >> Of course, if someone (like Pat with his mail server) has noted a >> specific certificate to be trust worthy, then it will be treated as >> trusted whether or not we have a root CA for it. >> >> But presenting the user with the choice every time is wrong in my opinion. > > Yes, asking the user is wrong... TLS was designed to have central > signing authorities. To make it work as designed, you have to *DENY* the > self-signed case and force server admins to do one of: > > A) Buy a cert from an existing CA > B) Work with others to create an alternate CA system > C) Tell their users how to install a certificate Yes, the Internet would certainly be a better place had everything been both thought out and implemented properly... But now we're stuck with finding solutions to these real world problems :( Cheers, Stef _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
