On 4/21/05, Gervase Markham <[EMAIL PROTECTED]> wrote: > Tyler Close wrote: > > Because an HTTP connection is neither encrypted, nor possible to > > authenticate. If Firefox will let us have encryption and key exchange > > without any annoying dialog, we can layer on our own accreditation > > mechanism, such as petnames. For many use cases, this solution is not > > only sufficient, but optimal. > > Petnames is not an authentication mechanism. It merely tells you that > the person you talked to last week is the person you are talking to now
For the sake of clarity, could you define what you mean by "authentication". > (and it doesn't even tell you that, if the cert is self-signed and your > DNS has been poisoned). This is incorrect. The petname tool does guard against DNS poisoning. The petname tool provides a reliable binding between an SSL identity and a user chosen reminder note. The petname tool does not rely on the correctness of DNS information. > Sometimes this is sufficient - but not always, by any stretch of the > imagination. Note that I said: "For many use cases,..." I did not say "always". I think you'ld also be surprised at how often "knowing that you're talking to the same person" is sufficient. > >>The fact > >>that he doesn't want to suggests that something more is required. > > > > Actually, Hugo responded to my last email, indicating that I do > > understand his main goal: to enable the Chilean people to browse > > Chilean SSL sites without requiring a vulnerability to a non-Chilean > > entity. > > Is he suggesting that Chileans are planning to remove the root certs of > all other providers from their browsers? I don't know, but I don't think so, as this would neither help nor hinder his stated goals. I suspect he just wants Chileans to be able to create web sites in Chile that other Chileans can use without being vulnerable to a non-Chilean entity. I think this is a perfectly reasonable thing to want. In fact, I think it is unreasonable that this is not currently feasible using Firefox. > >>That's not to say that it's not a good idea, but I don't think it will > >>help Hugo. > > > > Well, let's find out. It is technically *very* easy to incorporate the > > petname tool into the next security release of Firefox. Let's see if > > making this set of changes relieves some of the pressure on Frank to > > add more CA certificates. > > Er... no. Why not? I'm just trying to make Firefox a better product. I'm offering a solution to a pressing problem facing Firefox, phishing and CA-list expansion, and providing the code to implement it. Surely this merits some consideration, if Firefox is serious about these issues. > > I am aware that you want to define an accreditation function for the > > CA list, but I think we can agree that the accreditation value of the > > *current* CA list is at best ill-defined, if not non-existent. > > They are accredited by history, which is fairly powerful. Is it? Based on the recent white papers, even the CAs themselves aren't so sure. Why are you? > Point me at > all the people ripped off because they have issued dodgy certs. That's not the way security features are judged. Something that hasn't failed widely because it hasn't been widely attacked is not considered secure. Security has to make its bones by showing that it will prevent the onslaught of attacks. In this case, the providers of the system are themselves saying that the system will fail under attack. Tyler -- The web-calculus is the union of REST and capability-based security: http://www.waterken.com/dev/Web/ _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
