marcel wrote:
> > 1. browsers should 'brand' the certificate
> > and the CA by displaying a branding box
> > on the chrome. This box should include
> > a certain amount of fluff in it, such as
> > images from the CA, as distributed by the
> > product or as signed by the CA.
> Nice idea (if that part of the chrome can't be overlapped by an
> image/popup-window...).
Yes, that is an assumption - by chrome, I mean and
include the concept that this part cannot be overlaid
by popups - which is a design requirement placed on
the implementor.
> I hope these "images from the CA" are
> tamper-resistant. Who decides about what images are shown, so that a
> rogue CA can be noticed by the users?
I've thought about this a little. I'm envisaging that
the images can be supplied as a set with the root CA,
and can also be signed by the root CA's cert.
Effectively, the CA creates the set. It is the CA's
brand. Then, the meta-CA can briefly review the set
to show that they are all different (this part is
easy, really, they just get published and everyone is
asked to comment).
Then, the root CA list is expanded to include these
additional components, it becomes a list of brand
objects including certs where before it was a list
of certs.
> > 2. Cert usage should be cached and analysed.
> > specifically, when I log into my Bank of
> > America for the hundredth time, I want to
> > see a nice pretty 100 in the branding box.
> > If I get phished to the Funk of Amerika,
> > I want to see a big bad bold 0 up there
> > instead.
> Fine. Some further considerations: what is done to protect the
> counter(-file)?
None, especially. That is, none is proposed in
this set of changes, as it doesn't add anything
(if an attacker can change that file he can probably
change the CA root list as well or other files),
but there's no reason why someone couldn't add it.
> > 3. Self-signed certs should be branded as
> > some bland thing in the branding box, and
> > no warnings should popup. Self-signed
> > certs should not be warned against because
> > they represent an improvement over the
> > alternate, which is unprotected HTTP.
> > I.e., we warn when something is wrong,
> > not when something is better.
> Good.
> > 4. Webservers should install automatically
> > in HTTPS mode and bootstrap a self-signed
> > certificate. This should be designed to
> > encourage people to do more SSL. If they
> > can do this, and browsers like it (see 3.)
> > then later on, successful sites can upgrade
> > to a CA-signed cert. (this is more an
> > Apache / IIS issue, not a Mozilla issue.)
> > Those are the 4 key steps.
> > ( These two latter steps are essential to create the
> > market for CACs, by smoothing out the adoption
> > costs and expanding the use of security. At the
> > moment, use of SSL CA certs is squeezed so tight
> > it can't work as a market, due to a false assumption
> > that a self-signed cert takes a sale away from a
> > CA. It's taking a while to explain that sales will
> > increase if there are more SSCs in existence, but
> > unfortunately, the CAs aren't really people who
> > understand the market. )
> > Branding simply tells the user. If the CA isn't
> > trustworthy any more, it will become a bad brand.
> > The user may be more careful with brands that
> > aren't recognised or thought to be dodgy. At the
> > moment, there is no incentive for the CA to keep
> > clean, as even if found out, the user never sees
> > their name.
> There we are at a kind of "meta-CA" again, no? Someone/something has to
> decide which image is shown inside the branding box... IMHO this can
> only be done via a TTP.
No, not at all. The meta-CAs (Mozilla, IE, Konqueror,
etc) are simply like the TV station - as long as your
ad can be displayed on the TVs (needs the right number
of pixels) and as long as it is delivered to them on the
right media (3/4" tape, etc) then they can deliver it to
our audience. Then, it is up to the CA and the user to
establish their relationship, as linked by the branded
images.
The job of the meta-CA is to design the branding box.
That is, how big is the TV screen, how much space is
allocated to the number of visits, to the brand name,
to the gfx, etc etc. As I'm graphically impaired, I
wouldn't dream of proposing that should be done.
iang
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto