Tyler Close wrote:
On 4/21/05, Gervase Markham <[EMAIL PROTECTED]> wrote:
Petnames is not an authentication mechanism. It merely tells you that
the person you talked to last week is the person you are talking to now

For the sake of clarity, could you define what you mean by "authentication".

Good question. I mean being able to know who a person you are communicating with is, in real life. In other words, if I phone my mother, I authenticate her because I know her voice. If I email her, even if I use her email address, she's not authenticated nearly as strongly, as someone could be using her writing and typing style.


(and it doesn't even tell you that, if the cert is self-signed and your
DNS has been poisoned).

This is incorrect. The petname tool does guard against DNS poisoning. The petname tool provides a reliable binding between an SSL identity and a user chosen reminder note. The petname tool does not rely on the correctness of DNS information.

If the initial connection is made while DNS is poisoned, the petname toolbar will be fooled. (I.e. the bound SSL identity is the incorrect one.)


Sometimes this is sufficient - but not always, by any stretch of the
imagination.

Note that I said: "For many use cases,..." I did not say "always". I think you'd also be surprised at how often "knowing that you're talking to the same person" is sufficient.

Oh, I agree that "knowing you are talking to the same person" is sometimes sufficient. But you can't replace the trust model unless you can cover all the bases.


Is he suggesting that Chileans are planning to remove the root certs of
all other providers from their browsers?

I don't know, but I don't think so, as this would neither help nor hinder his stated goals. I suspect he just wants Chileans to be able to create web sites in Chile that other Chileans can use without being vulnerable to a non-Chilean entity. I think this is a perfectly reasonable thing to want. In fact, I think it is unreasonable that this is not currently feasible using Firefox.

It is. They can import the root cert of the Chilean CA they trust.

If we have it by default, it has to meet the standards required, so that everyone in the world is safe. There's not much point in restricting it to just Chilean domains; that merely puts all the risk on Chileans.

I'm just trying to make Firefox a better product. I'm offering a
solution to a pressing problem facing Firefox, phishing and CA-list
expansion, and providing the code to implement it. Surely this merits
some consideration, if Firefox is serious about these issues.

I personally don't agree that your solution is workable, and for a change of that magnitude, I'm not the person you'd need to convince.


I am aware that you want to define an accreditation function for the
CA list, but I think we can agree that the accreditation value of the
*current* CA list is at best ill-defined, if not non-existent.

They are accredited by history, which is fairly powerful.

Is it? Based on the recent white papers, even the CAs themselves aren't so sure. Why are you?

By "accredited by history", I mean "no-one has yet lost money through trusting a dodgy cert."


Point me at
all the people ripped off because they have issued dodgy certs.

That's not the way security features are judged. Something that hasn't
failed widely because it hasn't been widely attacked is not considered
secure.

You don't think any bad guys have considered how to subvert the current system?


Gerv
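The two petname points argued above, as an added example that is not code from the petname tool or from either author: the store is keyed on the certificate rather than the hostname, so a later DNS-poisoned visit shows no note, but a binding made during the first, already-poisoned visit attaches the note to the impostor. The certificates, hostname and resolver are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for DER certificates; the real tool sees the server's
# actual SSL certificate, but any byte string works for the binding logic.
CERT_REAL_BANK = b"CONSTRUCTED CERT: CN=bank.example, issued by its real CA"
CERT_IMPOSTOR = b"CONSTRUCTED CERT: CN=bank.example, issued elsewhere"


def fingerprint(cert_der: bytes) -> str:
    """Stable identifier for an SSL identity: SHA-256 over the certificate bytes."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class PetnameStore:
    """Binds a certificate fingerprint (never a hostname) to a user-chosen note."""
    notes: dict = field(default_factory=dict)

    def bind(self, cert_der: bytes, note: str) -> None:
        # Keyed on the certificate, so DNS answers play no part in lookups.
        self.notes[fingerprint(cert_der)] = note

    def lookup(self, cert_der: bytes):
        """Return the note bound to this identity, or None if it was never bound."""
        return self.notes.get(fingerprint(cert_der))


def resolve(hostname: str, poisoned: bool) -> bytes:
    """Toy network: a poisoned resolver routes the client to the impostor's server."""
    # hostname is accepted for realism only; the toy has a single site.
    return CERT_IMPOSTOR if poisoned else CERT_REAL_BANK


def visit(store: PetnameStore, hostname: str, poisoned: bool):
    """Connect, hand the presented certificate to the store, return what the user sees."""
    return store.lookup(resolve(hostname, poisoned))


def scenario_bind_then_poison():
    """Bound while DNS was honest: the later poisoned visit shows no petname."""
    store = PetnameStore()
    store.bind(resolve("bank.example", poisoned=False), "my bank")
    return visit(store, "bank.example", False), visit(store, "bank.example", True)


def scenario_poisoned_first_visit():
    """Bound while DNS was poisoned: the impostor carries the note, the real site does not."""
    store = PetnameStore()
    store.bind(resolve("bank.example", poisoned=True), "my bank")
    return visit(store, "bank.example", True), visit(store, "bank.example", False)
```

The first scenario is the case Tyler describes (poisoning after binding is caught); the second is the case Gerv raises (poisoning during the initial connection binds the wrong identity).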
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
