Ian,
Ian Grigg wrote:
Also, given the nature of self-signed certificates, it is pretty clear that the user gives up any benefit of revocation by CAs. What on earth is offensive about that? A self-signed cert user doesn't want anything to do with a CA, including revocation. There is simply no drama here.
What that means is that applications such as Mozilla should treat self-signed certs differently from certs issued by trusted CAs.
Absolutely, I agree with that.
> And they
do currently, by bringing you a big warning. I think it should remain.
Ah, oh. Well, there I think we can improve things, by showing the nature of the cert in more glorious detail. Browsing - it can be some bland "Self-Signed Cert" box whereas I *know* Verisign want to fill their spot with a more persuasive description of the qualities of their cert.
The difficulty with the warning is that it discourages use, unfairly. If you believe in that warning, then you should display an even bigger warning when they are using HTTP.
But, I do think that we are all agreed that the warning is generally ignored anyway by users, and should be improved, as you say below: "They just don't read the security warnings, they blindly click through."
Perhaps wording can be added, to explain that if the user accepts the cert, there is no way it will ever get revoked. But I believe that's too complicated for most people to understand. Under most circumstances, the cert simply shouldn't be trusted period, especially by people who have no understanding of certs. Having an "advanced" mode for the browser where it's possible to change trust, and a normal mode where it's not, for unsophisticated users, would be a good compromise.
Sure it can be trusted! The browser should say that you've seen this very cert X times before, and if you want to check, these were the times. Adding cert caching to the application is very important, it is critical to addressing phishing, which bypasses the cert system altogether, so it's very important to *somehow* show the user that there is no cert involved *this time*.
(Other apps would think differently.)
The logical conclusion of this is that self-signed certs, if they are ever to be used, should only be used by sophisticated users, who have means to validate the certs outside of PKI, in a manual way (!).
No, the logical conclusion is that the self-signed certs should be used for every unsophisicated user, who is not as yet sophisticated enough to demand a CA-signed cert.
Because it's better than the most common alternate, which is nothing. (I'm thinking here of the 99% of servers that offer no protection, and you are thinking of the 0.4% of the servers that offer CA-model protection.)
Having an application automatically generate self-signed certs to widen PKI use for the masses, as you have suggested, would be a very bad disservice to the value of certs, because the masses could never understand the risks associated with using and trusting any of those self-signed certs. They just don't read the security warnings, they blindly click through.
The fact that browser manufacturers as a group have failed to create a security UI of value is not proof that a) it can't be created nor b) users don't or can't deal with security nor c) self-signed certs would squeeze out CA-signed certs from their job of protecting users. I believe Nelson nailed this one when he described how the Netscape managers tried to get the UI to do something sensible, and the UI programmers didn't agree, so they overrode the security concerns.
Work done in Mozilla to show that users can understand security UIs and UIs can present security in a way that helps:
Ye and Smith, Trusted Path for Browsers,
11th Usenix security symp, 2002.
Advertisement by Sean Smith <[EMAIL PROTECTED]>:
"we also built this into Mozilla, for Linux and Windows.
http://www.cs.dartmouth.edu/~pkilab/demos/countermeasures/(It's been a while since I read this, I should read it again to see that it says what I recall... )
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
