David Ross wrote:

Jean-Marc Desperrier wrote:


Nelson B wrote:


Jean-Marc Desperrier wrote:


bassie wrote:


When I import the CA certificate that issued the end-user certificate
TBird validates the signature, even without a Root CA in the
certificate store!


This much is normal behaviour.


It is?

I'd sooner guess that TBird is automatically marking the imported CA
cert as trusted. That would be a serious bug in TB.


Oh, I supposed that bassie had explicitly marked the intermediate CA as
trusted, but was surprised that the import of the root was not required
as is the case with some other products.



I don't know about mail certificates, but this is indeed how Web
certificates work in Mozilla. Intermediate certificates are
grouped with root certificates under "Authorities". If you have an
intermediate certificate in your database, you can mark it trusted
without having the root certificate, in which case you don't need
the root certificate.



That makes a lot of sense to me. Then, the only question would be what would be the default trust setting of an intermediate cert entered explicitly by user action. To my mind that would be automatically 'trusted' as the user has done the action, which implies trust. (Any alternate, like 'not trusted' would raise the odd question of why the user did that in the first place.... And if the user can enter intermediate certs, then they can probably cope with finding the trust button and unsetting it.)

However, proper setup of a secure Web site involves having not only
the site certificate on the server but also copies of any
intermediate certificates on that server. Then the visitor can
authenticate the site with only a trusted root certificate.


I recently ran into a secure Web site where the site certificate
used an intermediate certificate. The issuer of the root
certificate is not listed by WebTrust because the company no longer
exists, having been bought by another company. I had marked the
root certificate as untrusted when WebTrust could not (at that
time) certify that the acquisition did not impair its
trustworthiness. This prevented me from authenticating the Web
site. However, the intermediate certificate had been issued by a
start-up CA, who (by then) did have the WebTrust seal. I imported
the intermediate certificate and marked it trusted, which now
allows me to authenticate the site. (Today, that root certificate
is also marked trusted in my database per communication from
WebTrust.)



These are issues you seem to have coped with well, but they seem like techniques well beyond the average user ... To reach the average user, we'd need to employ chrome-based branding techniques and such like (insert familiar rant here... :) Even popups wouldn't help there, as many users click through with abandon.

iang

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
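
The two situations discussed in this thread (a server that has to send its intermediate certificates, and an intermediate certificate trusted directly with no root present) reproduced with the OpenSSL command line, as an added example that is not part of the original messages. The three-tier PKI, its names and its file names are constructed for the illustration; OpenSSL stands in for Mozilla's certificate database here and only accepts a non-root trust anchor when `-partial_chain` is given.

```shell
#!/bin/sh
# Added example: throwaway constructed PKI, every name below is made up.
set -eu
PKI_DIR=$(mktemp -d)
trap 'rm -rf "$PKI_DIR"' EXIT

# Build root -> intermediate -> leaf inside $PKI_DIR (tool output silenced).
build_pki() (
  cd "$PKI_DIR"
  # Minimal config so the commands do not depend on a system openssl.cnf.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca_ext]\nbasicConstraints=critical,CA:TRUE\n' > pki.cnf
  csr() { openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
            -subj "/CN=$2" -keyout "$1.key" -out "$1.csr"; }
  openssl req -x509 -newkey rsa:2048 -nodes -config pki.cnf -extensions ca_ext \
    -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem -days 2
  csr int "Constructed Intermediate CA"
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile pki.cnf -extensions ca_ext -out int.pem -days 2
  csr leaf "www.example.test"
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -out leaf.pem -days 2
) >/dev/null 2>&1

# Succeeds only if "openssl verify" reports OK for the given arguments.
verifies() {
  (cd "$PKI_DIR" && openssl verify "$@" 2>&1) | grep -q ': OK$'
}

report() {
  label=$1; shift
  if verifies "$@"; then echo "$label: OK"; else echo "$label: FAIL"; fi
}

build_pki
# Root is the trust anchor but nobody supplied the intermediate: no path.
report "root trusted, intermediate missing" -CAfile root.pem leaf.pem
# Same anchor, intermediate supplied as untrusted input, as a server would send it.
report "root trusted, intermediate sent" -CAfile root.pem -untrusted int.pem leaf.pem
# Only the intermediate is trusted; OpenSSL's default still wants a self-signed root.
report "intermediate trusted, default rules" -CAfile int.pem leaf.pem
# With -partial_chain the trusted intermediate ends the path, no root needed.
report "intermediate trusted, partial chain" -partial_chain -CAfile int.pem leaf.pem
```
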