Hi Anders! On Sunday 22 May 2005 08:47, Anders Rundgren wrote: > I think this discussion is slightly over the heads of the crowd that > we could call "users".
Yes, sure, but most things are over the heads of users, including cryptography, sliding window protocols, contracts, audits, ... all of which play their part in SSL & PKI. Adding brand is simply one more aspect to a bucketfull of aspects. SSL the protocol is relatively small in its disciplines - it uses crypto and software engineering. Once you add PKI, you pull in all sorts of other disciplines, and this is what makes it so difficult to understand. SSL + PKI is a very broad multi- disciplinary field that defies understanding in any holistic sense, simply because there are very few accountants who can debug a software protocol (and v.v.). > For that lot, using the SSL model we can only > hope that the CAs represensented in browser truststores do > their job. BTW, VeriSign is a name brand for the _buyers_ of SSL > certificates but (in the browser environment) not for relying > parties of the consumer kind. Which brings us to your comment that we can only hope that CAs do their job. This is exactly where we get into trouble because if you go over to the world of CAs, and you look at it in their terms - governance and accounting and agency theory, you will find that their statement is that they assume the crypto / software side had better do its job! Each depends on the other. But when you examine the assumptions, they clash. One big example is that of "all CAs being equal." No accountant or governance expert would subscribe to that. They would simply say, no, that doesn't work, that never works. Yet, because this assumption has been made by the technical side of the equation, most governance people don't actually realise that the assumption has been made. > I know that this is the opposite on how PKI trust was intended to > work but that is the reality. > > It might be of interest to note that Microsoft in their latest effort > to rule the world using "InfoCards" deprecates the idea of using > SSL certificates and instead tout organization-certificates as it is > really not the CA you are after, but knowing that you are talking > to the right partner. Exactly. The choice is very stark. Either the people who work with SSL and PKI move to change and evolve their models to cope with the new threats, or in time, it will be replaced. Microsoft could replace it. The problem with Microsoft is that they haven't got an ability to field a proper security model *without* having their insular agenda poison it from the start. If they could reel in the marketing side of the biz for 2 years then they could replace the whole lot with something more secure. And then clean up mammothly, but the notion that a Microsoft product doesn't go for the short term benefit like a child going for cookies is beyond them. IMHO. The comment also applies equally negatively to most other companies, even notably privacy advocates like PGP Inc have their cookie theft stories (Cite: ADK). > If this list believe that users should do conscious decisions on what > CAs to trust you are on the wrong track as this is impossible > to do for mere mortals. A possible solution would be that you for > a fee "outsourced" CA trust decisions to a party that have this as > their prime business. Such a model would in fact add considerably > more interesting stuff to the plot than just CA validity. It could > actually claim that a reputation of an organization your are about > to contact is not the best. Impossible is a tough word, and if we accepted it we could get rid of the little padlock as that would mean that users could not check that. (They don't .. but that's not to mean they can't.) Also, you are assuming that the contrary is that a CA will always get it right. We've already shown this is a null case, as phishing bypasses the CA completely. And succeeds. (It seems that the popular figure is $1.2 per annum.) So it is a browser issue. I think - speculating here - that the solutions we settle on will be a spectrum of available info that is slowly refined and slowly learnt by consumers. Each consumer will be phished once on average and then will learn how to read the info. As each phishing cost on average is like $5000, I don't think it is too hard for users to spend a little time learning a useful security model to avoid the next $5000. But they may need that first $5000 to understand that themselves. (First million americans have already been phished, according to some numbers.) iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
