Gervase Markham wrote:
Frank Hecker wrote:

Would it be possible for the browser to programmatically tell when an SSL connection is secured by a "domain validation only" cert? (I suspect not, but it's worth asking.)

That info is not presently encoded in a cert in any uniform way. It is humanly feasible for NSS to store that info along with trust, but that's not done today. The big problem appears to me to be that in some cases a single root CA cert is used as the root of both lower assurance and high assurance certs. In such a case, I think we have no choice but to brand the entire CA cert as low assurance. Then people who have paid that CA for a high assurance cert will be unhappy with the CA, and that problem (CAs that use a common cert for both) may be self correcting over time.

One thing I've become more convinced of over the last few weeks is that our UI needs a "site identity verified" indicator which is separate from the SSL indicator. Site identity could be verified by SSL, but also if we used DNSSec to look up the name. DNS attacks are the next step in phishing as users get wiser.

So perhaps the solution is to stop showing the lock for such certs, and merely show the "site identity verified" indicator.

SSL is site identity verification PLUS encryption. Site identity verification, by itself, is NOT "good enough for banking".

Thinking about it, it's certainly hard to justify maintaining both a binary security UI and keeping such CA root certs.

I'm delighted to "hear you say that". You're one of the first people with real influence on the mozilla UI to have appreciated these security implications. Please continue! :)

If the Foundation is serious about the security push this year, it

I don't believe they are. Not yet.

Consider bugs 272901, 272902 and 272903.  Frank filed these bugs in
November, asking the Aviary branch maintainers to take the NSS cert DB
changes onto their newly created branch, so that FF 1.0.1 would have
the new certs.  The new certs were checked into NSS in December.

4 months later, FF 1.0.1 was released without any new certs.  No one
who works on FF and maintains that branch thought it was important
enough to work on that.

As long as that situation (FF branch keeps thinking certs are unimportant)
remains true, I don't think anyone from MoFo can seriously say that
MoFo is serious about this stuff.

should be hiring developers to work in this area. If we end up with a list of bugs they should fix and an order, so much the better.

Hiring developers MAY help. But I believe it is the responsibility of branch creators to maintain the security of their own branches. It is simply wrong for every branch creator to assume that he can burden the maintainers of other code in mozilla's repository with porting all their fixes to his new branch.

--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto