Gervase Markham wrote:
Ian G wrote:
OK. Well, both are required. The Logo that the
user selects *and* the logo for the CA. Ideally,
the logo for the CA should be encoded into the
Cert / signed by it. This limits a false cert attack
to the site's cert supplier, and thus paves the
way to force the CAs to start checking who they
are issuing the certs to.
For the CAs it means that users will start to
recognise the various CAs. This is no difficulty
as they already recognise the existance of
Ford, Intel, Nokia, Virgin, ....
"No difficulty"? You don't see any difference between the Virgin brand
and the Verisign brand?
Good, I'm glad you understand what is meant by
branding. By forcing VeriSign to brand themselves
like Virgin, they are laid bare to their trusting public.
Who knows, maybe they will surprise us all.
Either way, right now, Mozilla is hiding the fact that
Verisign is being used to create relationships that
are falsely presented as trust. In fact, Firefox lies
about it by saying that the user trusts this cert and/or
provider.
What I'm suggesting is that the truth be revealed to
the users: Verisign is the one who made the relationship,
and that should be on the chrome. (insert long rant here
about the merits of TrustBar...)
Do you really think users have the brain space to remember and
understand 20 different CA brands, and make judgements based on that
understanding?
Do you really think MF should purport to make the
decision that the user should trust 20 different CAs
without a choice?
Yes, users can remember the brands needed. Huge
numbers of branding studies have shown the user
has a capability to deal with brands. The entire
western commerce system runs on it, and relies
on it to get bread to your door, petrol in your car,
your car itself, and beer at the end of the car
journey. Quick, how many beer brands do you
know and recognised?
Don't let your hatred of brands and marketing and
endless adverts blind you. Behind that process is
the creation of trusted relationships - and that's
where you will find the security needed to overcome
the current bugs that let things like Shmoo go forth
without any easy solution.
And this is a security question, right? Tell me why
it is that you trust Saunalahden? You do trust them,
that's what Firefox has decided. Now, why is that?
(Search for it here for the context...)
http://www.cs.biu.ac.il/~herzbea//Papers/ecommerce/spoofing.htm
Also, even if they do, they have no choice. A particular shop is only
protected by a cert from one company. It's trust that company, or shop
somewhere else. Those are the only options.
Yes, this is a bug in the PKI. Oh well, we can't fix
everything in one day.
And we are not in a million years going to persuade users, if they've
found a product they like, to leave that shop and find it somewhere
else just because the CA has a slightly tarnished reputation.
Oh, then that's fine. No problem. The consumer has
a choice. She sees that Verisign protects Paypal. She
stays. That's at least a correct trust calculation by the
interested parties, instead of right now where Firefox
tells her that she trusts Verisign, but hides it from
her when Verisign is not used (a la Shmoo).
But, I wouldn't underestimate the power of brand.
Right now, the reason VeriSign doesn't care is because
the users don't know who they are. Once users know
who Verisign is, I think they'll have a chance to show
how much they want to care about security ;-)
See http://www.gerv.net/hacking/security/phishing.html .
Excellent... reading soon.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
