Starting with the browser... The usual "secure site" icon and "bad certificate" warnings have lots of problems.

They don't address the common problems well, they annoy and confuse the user, and they train users to bypass security by clicking OK.

A common attack is to hack into the web server, often via a flaw in shared hosting. The attacker can then use the site's certificate. A secure icon gives a false sense of security.

Another common attack is to use look-alike domain names, now including international domain names. Then there are two things the attacker can do. The attacker can live without a certificate. (People don't notice, don't understand, and/or just take the risk because they want to use the web site.) The attacker can get a certificate for their own site. (1aptop.org, laptop.org.ru, laptop.or, etc.)

Prompting the user for every bad certificate makes things worse. If the user can click "OK" to make technobabble go away, they will! When this happens often, "click OK" becomes a subconscious activity that the user performs to make the computer go -- kind of like pedaling a bicycle. Microsoft Windows users are often mostly unaware of the things they click through, because the clicking is so often.

A redesign is in order, maybe along the lines of ssh. Note that ssh doesn't bother the user much unless the server's identity suddenly changes. If that ever happens, the user has to take more extreme measures to make the problem go away. For a web browser this would mean keeping certificates of visited web sites for a while (suggestion: one month) so that web sites with unexplained certificate changes could be blocked. There would not need to be anything else to mark a "good" or "bad" certificate; that would be UI noise that the user will ignore or worse.

BTW, the ssh method could work well for email too. Email signing has been inhibited because nobody wants to mess with complicated crypto systems. If the public keys were always passed around, then we'd be able to detect most problems. We could do this without having to pester the user with technobabble in the normal case.
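The ssh-style certificate memory proposed above, as an added example that is not code from the original post or from the OLPC browser: each host's certificate fingerprint is remembered for one month after the last visit, a different fingerprint inside that window is reported as a change to block, and a fingerprint seen after the memory has lapsed is re-learned silently. The hostnames, day counters and DER byte strings below are constructed placeholders.

```python
import hashlib

MEMORY_DAYS = 30  # the post's suggested retention: one month

def fingerprint(der_bytes: bytes) -> str:
    """SHA-256 hex digest of a certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()

class CertMemory:
    """Remembers the last certificate seen per host, like ssh's known_hosts."""
    def __init__(self):
        self._seen = {}  # host -> (fingerprint, day of last visit)

    def check(self, host: str, der_bytes: bytes, today: int) -> str:
        """Classify a connection; `today` is a day counter (days since epoch).

        "new":     first visit, learn silently
        "ok":      same certificate, refresh the last-visit day
        "expired": memory older than MEMORY_DAYS, relearn silently
        "changed": different certificate inside the window: block the site
        """
        fp = fingerprint(der_bytes)
        entry = self._seen.get(host)
        if entry is None:
            self._seen[host] = (fp, today)
            return "new"
        known_fp, last_day = entry
        if today - last_day > MEMORY_DAYS:
            self._seen[host] = (fp, today)
            return "expired"
        if fp == known_fp:
            self._seen[host] = (fp, today)
            return "ok"
        # A change within the window is not learned: as with ssh, the
        # user must take a deliberate step before it is accepted.
        return "changed"

def run_demo() -> list:
    """Walks through the cases the post describes; returns the verdicts."""
    mem = CertMemory()
    return [
        mem.check("laptop.org", b"DER-cert-A", 0),   # new
        mem.check("laptop.org", b"DER-cert-A", 10),  # ok
        mem.check("laptop.org", b"DER-cert-B", 20),  # changed: blocked
        # a look-alike host (constructed) is simply "new": TOFU does not see it
        mem.check("1aptop.org", b"DER-cert-C", 20),
        mem.check("laptop.org", b"DER-cert-B", 60),  # expired: relearned
    ]
```

The look-alike case shows the limit the post also implies: certificate memory catches an identity change on a site you already know, not a new site that merely resembles one.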
See also:
- https://dev.laptop.org/ticket/3602 secure site icon
- https://dev.laptop.org/ticket/542 dialog for SSL
- https://dev.laptop.org/ticket/17 email

Devel mailing list
http://lists.laptop.org/listinfo/devel
