Sven Anderson wrote:
> Ian G, 14.02.2007 00:40:
>> But, that's blue sky. About the only thing that you could
>> do right now is say:
>> CA TrustMeDoc claims BillyBlue is behind http://BB.com/
>> I don't know where "safe" or "trustworthy" fits in ...
> Well, as you know, SSL not only checks the authenticity but also
> provides confidentiality. So the "safe" just refers to the latter, that
> the line is encrypted, and nobody else but the correspondent can read it.
If you can get the user to accept that definition of safe,
this works. If not, not. Has the user ever been asked?
(To clarify, I'm not saying "ask the user...," I'm just
pointing out that unless you asked the user, you won't be
able to support that the user accepts the definition, and
therefore the definition is useless...)
> That's why I think that the padlock was only a mistake in terms that it
> has been misunderstood. It just tells me that the _line_ is safe, not the
> correspondent.
Right.
There is a tendency to go from purely technical statements
and then to rewrite them so as to be easily understood by
the consumer. Normal marketing, really.
To the extent that the consumer is educated and is
responsible, this is ok.
For example, a driver of a car is responsible. That's what
the driver's licence is about. In this regime there is no
problem telling a potential car driver that the car goes
faster than a racing car ... because no matter what, the
driver *is* responsible.
To the extent that there is *no danger*, then it's also
plausible to make silly claims.
Etc, etc.
The problem that arose in the certificate area is that it
was common practice from the early days to state that secure
browsing was safe, and you were safe to enter your credit
card details.
In this case, it failed on three counts:
1. the user was not competent to take on that
responsibility by objective standards,
2. there was some danger, and
3. the statements were wrong at some level.
All of which was fine for the first decade of the web,
because the "danger" was originally low, and then only
became high, e.g., phishing, around 2003.
Hence, some of us have been warning the CAs to take off
*all* claims of vagueness such as Trust, Safety, Secure,
etc. This has been going on since around 2003, and I
vaguely recall that Verisign did in fact come to this
conclusion as well, and removed claims from its website.
> I would like to have both pieces of information presented separately:
> 1. is the line encrypted?
> 2. who tells me what about the correspondent node?
That's reasonable, yes. The browser can make a fairly
definite statement on those two questions, as written.
> How to present these two things with the least potential of
> misunderstanding (also for Alices and Grandmas) I have no clue, and it is
> most probably a tough task.
A fun project :)
> (Maybe a symbol for a "whisper"-mode, which also shows an "ID field" whose
> content is left to the user to check? But then you can also keep the
> padlock as a whisper-symbol and complement it with such an ID field.)
Yes, the Firefox UI project ... will be quite interesting to
see how they do that.
For our part, we can establish some principles:
1. the browser is an authority on the encryption.
2. the cert is an authority on the name "identity".
3. the cert is a proxy for the CA which is the real
authority.
4. any statement made without authority raises liability.
5. any material info hidden from the user raises liability.
6. any excessive info forced on the user causes rejection.
etc etc. The firefox team get to solve it :)
iang
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security