Julien,

thanks for reading my rant!  It is now the fifth
in a series I have written on this topic.  Each
tries to take one singular claim and reduce it
to its truth, so that we can then move on and
debunk that quickly.


> > In time, however, I fully expect all CAs to
> > promote self-signed certs, as aggressively I
> > do.
> > 
> > One day, Certificate Authorities ("CAs") will
> > defend our right to use self-signed certs, and
> > deny ever having said anything to the contrary.
> > It will be the thought crime of the age to think
> > in any other terms, a failure of your patriotic
> > duty, the denial of purity and essence of our
> > natural ...  yadda yadda....
> 
> Just wondering, what role would the CAs play if everybody used
> self-signed?  There is no cert hierarchy, as every cert is self signed.
> So allow me to doubt that CAs are going to advocate that, if for reasons
> of survival only.


I think you missed the thrust of the rant.  What
I was suggesting was a marketing concept, which
could be considered to be the enlargement of the
market by creating graded steps.  At the moment,
the binary market is too hard, and reduces the
number of servers that want in, at that price.

By making it easier to start, it will be much
easier to get to the point of really purchasing
something of value, later on.  There is value in
CA-signed certs, but only in the future, when
they've had to adjust their offerings to a
competitive value added market.  Right now it
is a commodity market, and that's not worth
a pinch of dust.

I would anticipate something like 2% of the market
being high end CA-certs.  Then, something like 4-8%
low end "junior" or starter certs.  Finally, there
would be something like 10-20% that would make use
of the self-signed certs, and 70% or so not doing
anything.  But, these numbers would climb over
time, and as more incentives are developed.

As it happens, the CAs already understand parts of
this, but haven't put it together.  They are for
example united in wanting the branding.  They just
don't have any sway with the browser makers nor
have they shown any reason why the browser makers
should.  I have: security.  Their reason was to
make their product stand out more, they totally
missed the notion of improved security, for whatever
reason.


> > Firstly, CAs would now be able to see who was
> > using certs and thus who cared.  I.e., what
> > sites care enough to actually promote and use
> > their easy crypto install, and what sites just
> > let it lie fallow.
> 
> Great - so now self-signed certs are used as a spamming tool for CAs to
> market their certs.  Not that it would be the first time that certs
> (which are public) were used for that purpose, though.


Well, I'm sorry about that.  I understand that many
technical people think that marketing and adverts
and what-have-you are the pits.  I was once that
person, too.  But, marketing is what drives the
tech, not the other way around.  The reason certs
have failed is because the market was created in a
strangled fashion.  We need to undo that strangle, in
order to make use of the SSL infrastructure that is there,
and a consequence of that is that there will be some
unsolicited commercial email, albeit of a targeted
variety, and only from a few highly identified and
hopefully responsible players (i.e., if some player
were to get a reputation for diverting traffic in
bad ways, or sending out irresponsible emails, I
imagine the value of its brand as a cert provider
would go down.  I mean, it's about trust, isn't it?).


> >   NONE -> self -> auto -> minimal -> MAXIMAL
> > 
> > 
> > The step from one gradation to the next is
> > much much smaller, and thus cheaper and easier
> > on the thought process of our currently unshod
> > masses.  Five small steps replace one huge leap
> > (and any number of additional steps could be
> > added to smooth out the slope in future years).
> 
> There is no binary treatment of certs today - in fact, there are 3 cases
> for servers:
> 1) not using SSL
> 2) using SSL with a self-signed, untrusted cert, for free.  This brings
> a browser warning.
> 3) using SSL with a generally trusted cert, at some cost.  This
> eliminates the browser warning.


OK, here's where we differ:  Your second choice
does not really exist, because even though it
is technically possible, firstly, it is not
easy or automated, and secondly, the users
complain about the snake oil.  That is, they
have been educated to treat, by dint of warnings,
that increase in security as actually dangerous.

We should rectify that, which is part and parcel
of the proposal, which CAs will actually see and
appreciate (because they need the easier path that
self-signed certs will give them).

It needs two steps:

  a. stop the warnings on self-signed certs.
  b. servers should bootstrap with self-signed
     certs (awaiting upgrades...)

And, to make all that mesh in, we need the chrome:

  c. the branding area in an uncoverable part of the
     browser to show cert details, etc.

That of course overcomes the Lock problem, as the
self-signed cert will show as a fairly bland thing
compared to the graphical wonders of the CA's efforts.


> For your suggestion to work, there has to be an incentive to upgrade 
> from the self-signed certificate to something better.


:-)  Surely you are not suggesting that there is no
incentive in security?  My oh my!  Actually, there
will be a huge residual incentive for many years to
come.  Think of it this way - even if we manage to
get all this in place, there is no way that we will
be able to overcome the mindset that says that CA
certs are the thing to have.


> Automatically trusting all self-signed certs in Mozilla would reduce the 
> 3 cases to 2, and have the result of eliminating any incentive for 
> anyone to upgrade from self-signed certs.


Well, actually, there is quite some incentive.

This will become apparent when CAs have their
branding in place, as they will then be able to
show users how solid their DD is, and also offer
other benefits than straight identity.  But it
can only be done when they can communicate to
the user in some sense or other, via the cert.


> Achieving your goals is already possible without any changes to Mozilla 
> or any other browser .


Achieving these goals is very simple.  Only
the chrome part requires a bit of effort.


> Nothing stops any server developer from adding a
> feature that automatically generates self-signed server certs and
> installs them readily.


Well, from the browser side, the warnings need
to disappear (to become congratulations!) and
the browser needs to seriously move towards a
chrome box for branding.

(Another thing that is needed is certificate
caching, which results in usage counts, that
can be displayed on the branding box.)

These things are *also* needed to address the
phishing.  I.e., they are the only way that
phishing seems to be addressed, as that is a
very tough problem.  They are also the only
way that I have seen to deal with things like
rogue certs, and hence, CAs that are acting up,
but I don't think that's such a big deal.

Phishing is, though.

(Yes, the server side change is not to do with
Mozilla.  But, we have to start somewhere.  And,
all three need to be done for them to feed off
each other!)

iang
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
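The certificate caching with usage counts that the post asks for can be sketched as a per-host key-continuity store: the first visit pins the cert, later visits with the same cert bump a counter that a branding area could display, and a different cert for a known host is reported as a change rather than swallowed by a generic self-signed warning. This is an added example, not code from the post or from Mozilla; host names and certificate bytes are constructed.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class CacheEntry:
    fingerprint: str   # SHA-256 of the DER-encoded certificate, hex
    first_seen: int    # visit counter at pin time (a timestamp in a real browser)
    uses: int          # connections that presented this same certificate


class CertCache:
    """Per-host certificate memory: first visit pins, later visits count."""

    def __init__(self):
        self._entries = {}   # host -> CacheEntry
        self._visits = 0     # global visit counter, stands in for a clock

    @staticmethod
    def fingerprint(der):
        return hashlib.sha256(der).hexdigest()

    def observe(self, host, der):
        """Record the cert presented by `host`; return (verdict, pinned entry).

        verdict is one of:
          'new'     - first time this host has been seen; cert is pinned
          'known'   - same cert as pinned; usage count incremented
          'changed' - a different cert than pinned; the pinned entry is
                      returned untouched so the change can be surfaced
        """
        self._visits += 1
        fp = self.fingerprint(der)
        entry = self._entries.get(host)
        if entry is None:
            entry = CacheEntry(fp, self._visits, 1)
            self._entries[host] = entry
            return "new", entry
        if entry.fingerprint == fp:
            entry.uses += 1
            return "known", entry
        # Key change: never silently overwrite the pinned certificate.
        return "changed", entry

    def branding_text(self, host):
        """Text a browser could show in an uncoverable chrome area."""
        e = self._entries.get(host)
        if e is None:
            return f"{host}: never seen before"
        return (f"{host}: cert {e.fingerprint[:16]}..., "
                f"used {e.uses} time(s) since visit {e.first_seen}")
```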