Gervase Markham wrote:
Ian G wrote:
Gervase Markham wrote:
Therefore, a "good thing" (merchants switching CAs), as defined by
this strategy, has almost exactly the same UI effect as a "bad
thing" (spoofing). This is deeply concerning.
Right, it is up to the merchant to manage that
process, and the user to be aware of better
branding.
But the merchant can't manage the process, because the user is
supposed to be using the cert to assess the trustworthiness of the
merchant's statements. After all, how would you react to a website
which said "Don't worry that your browser now says Foo CA - we've
switched CAs! Honest!".
Yes. The merchant is going to be annoyed by
this process because there is no easy way to
do it. This is a big deal. But so is the security
of the user. The more this hurts the merchant,
the more the merchant is going to kick up a
storm, and the more the CA is going to make
sure it never happens again.
That's the point - feedback requires pain. No
gain without pain. No security without feedback.
And no feedback unless the user is part of the
loop.
Or do you envisage a bank paper mailing all its customers to notify
them of the CA switch?
It's a possibility. It may even be required by
law, if the reason for switching is related to
potential breaches. California now has laws
related to security breaches, and that law has
now been spread by default to most other
states. Ref: Choicepoint.
A switch from bad cert to good cert is similar
in general appearance to good --> bad. This
means we have a good signal, and a bad signal.
And both signals are very similar - unless the user is so CA
brand-aware that they know that CAs A, B and C are currently
considered dodgy, but D, E and F are riding high, so A -> D is good
but F -> C is bad.
Right. Now you think that is a problem. I see
it as the whole point: the user is notified that
a change has happened, and they should take
extra care.
The level of brand and market awareness you are requiring from an
average web user is far above their awareness of almost any market,
even ones in which they are deeply involved.
Gervase, you'd have to be living on a desert
island to be unaware of the top brands in the
top areas of user interest.
Most users of cars are aware of
the brands of the cars. Most users of kitchen
appliances are aware of the brands of the
kitchen appliances. In fact, in just about any
sector where the user is faced with brands,
you can find that most consumers will know
(recognise) the top three brands.
I'm not sure what your objection to brand is?
It certainly works; it is an integral part of
all marketing, and it is also an important
part (albeit subtle) for all payment systems.
Let me put it another way. What would be
the damage of putting the brand of the CA
on the chrome? What would be the hurt?
A loss of real estate? If that's the only loss,
I have to admit I really have a problem in
dealing with that, because phishing costs
a billion a year and rising. I'm not sure it's
on the same scale of importance as the
billion or so that browser users are using.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
