> I never suggested there was no incentive in better security. Treating
> unauthenticated encryption (which you call security), in the same manner
> as SSL with CA authentication, then all we have done is reduce the
> default overall level of security, from very high to nil IMO (or "self"
> as you call it).

Oh, no, I'm not saying it should be treated as the same. This is yet another reason why we need the chrome: to give a valuable distinction between the various grades of crypto-based security. The chrome branding box would simply state in this case that it was an unauthenticated self-signed cert connection, in some garish colour, or monochrome, even. It should be entirely obvious to users; that is part of the branding.

> I would strongly object to any kind of congratulations.

I present that more as counterpoint, to establish how oddly placed the warning is. In fact, the job of the browser should be to not pass judgement on the nature of the crypto connection at all; in this sense, the Lock is a double-edged sword, as it does pass judgement (and hence we are led into the whole "one size fits all" difficulty). Rather, the job of the browser is to present the info for the user to use as they see fit. Hence the branding box, stating the brand of the CA, or in the case of a self-signed cert, conspicuously failing to present... Nelson suggested that it display a demon for self-signed certs, although the BSD demon is a watchword for security!

> If you wanted to eliminate warnings for self-signed certs, the only way
> I wouldn't object to it would be to treat those type of connections
> exactly the same as unsecured connections. However, that's not
> possible, because mostly they use the https protocol in URLs, which
> client applications today use to check for CA trust. You would need to
> come up with some new trigger for your unauthenticated encrypted
> connections (perhaps a new protocol handler).

Well, really, what should perhaps be done is for the HTTP (not https) protocol to be capable of bootstrapping to an ADR or a self-signed cert. But the reason for not doing that is that it would change too much of the protocol, and require massive coordination and agreement. The changes that are being suggested are all easy, small, and require no coordination. They also all positively benefit, especially in concert.

iang

PS: ... That's why we've settled on them. I've been having this debate with dozens of people for the last year, mostly over on the general crypto groups.

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
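The three grades the thread argues over (CA-authenticated, unauthenticated/self-signed, and no crypto at all), classified from a certificate chain and rendered as distinct branding-box labels. This is an added example written for this page using only Go's standard library; it is not code from the post, from Mozilla, or from any browser. The CA and host names are made up, the certificates are minted inside the example, and the label wording is an assumption about what a branding box might say.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Grade is the coarse crypto grade the branding box would show. The values
// are kept distinct so no UI code can quietly collapse them into one Lock.
type Grade int

const (
	GradeNone            Grade = iota // plain http: no crypto at all
	GradeUnauthenticated              // encrypted, but nobody vouches for the key
	GradeCAAuthenticated              // chain verifies to a CA in the trust store
)

// Branding is what the chrome would render: the grade plus who vouched.
type Branding struct {
	Grade  Grade
	Issuer string // CA brand when authenticated; "self-signed" or the untrusted issuer otherwise
}

// Label is hypothetical branding-box text (this example's wording, not Mozilla's).
func (b Branding) Label() string {
	switch b.Grade {
	case GradeCAAuthenticated:
		return "Authenticated by " + b.Issuer
	case GradeUnauthenticated:
		return "UNAUTHENTICATED encrypted connection (" + b.Issuer + ")"
	default:
		return "No encryption"
	}
}

// isSelfSigned: issuer equals subject and the signature verifies under the
// cert's own key. CA constraints are deliberately not applied, because a
// self-signed leaf is normally not marked as a CA.
func isSelfSigned(c *x509.Certificate) bool {
	if !bytes.Equal(c.RawSubject, c.RawIssuer) {
		return false
	}
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}

// Classify grades one connection. leaf == nil means no TLS; roots is the
// browser's trust store. A failed verification is reported as a grade, not
// as an error: the browser presents, the user decides.
func Classify(leaf *x509.Certificate, intermediates []*x509.Certificate, roots *x509.CertPool) Branding {
	if leaf == nil {
		return Branding{Grade: GradeNone}
	}
	inter := x509.NewCertPool()
	for _, c := range intermediates {
		inter.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: inter,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	if err == nil && len(chains) > 0 {
		root := chains[0][len(chains[0])-1] // last element of the chain is the trust anchor
		return Branding{Grade: GradeCAAuthenticated, Issuer: root.Subject.CommonName}
	}
	if isSelfSigned(leaf) {
		return Branding{Grade: GradeUnauthenticated, Issuer: "self-signed"}
	}
	return Branding{Grade: GradeUnauthenticated, Issuer: "untrusted issuer " + leaf.Issuer.CommonName}
}

// makeCert is demo scaffolding only: it mints an ECDSA P-256 certificate for
// cn, signed by signer/signerKey, or by its own key when signer is nil.
func makeCert(cn string, isCA bool, signer *x509.Certificate, signerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, parentKey := tmpl, key // self-signed unless a signer is supplied
	if signer != nil {
		parent, parentKey = signer, signerKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Scenario builds the three cases from the thread (names are made up):
// a leaf issued by a trusted CA, a lone self-signed leaf, and plain http.
func Scenario() (caAuth, selfSigned, plain Branding) {
	root, rootKey := makeCert("Example Root CA", true, nil, nil)
	leaf, _ := makeCert("shop.example", false, root, rootKey)
	lone, _ := makeCert("hobby.example", false, nil, nil)

	roots := x509.NewCertPool()
	roots.AddCert(root)
	return Classify(leaf, nil, roots), Classify(lone, nil, roots), Classify(nil, nil, roots)
}

func main() {
	a, s, p := Scenario()
	for _, b := range []Branding{a, s, p} {
		fmt.Println(b.Label())
	}
}
```

Run it with `go run .`; it prints one line per grade. The point of the design is in Classify: a chain that fails to verify is not an error that stops the page, it is information (self-signed, or issued by someone the store does not know) that the branding box shows as plainly as it shows the CA brand on a verified chain.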
