On Fri, 2 Jan 2009 15:49:24 -0500
Deepak Jain <dee...@ai.net> wrote:

> > Of course, this will just make the browsers pop up dialog boxes
> > which everyone will click OK on...
>
> And brings us to an even more interesting question, since everything
> is trusting their in-browser root CAs and such. How trustable is the
> auto-update process? If one does provoke a mass-revocation of
> certificates and everyone needs to update their browsers... how do
> the auto-update daemons *know* that what they are getting is the real
> deal?
>
> [I haven't looked into this, just bringing it up. I'm almost certain
> it's less secure than the joke that is SSL certification].

If done properly, that's actually an easier task: you build the update
key into the browser. When it pulls in an update, it verifies that it
was signed with the proper key.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
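
The check described in the reply above, as an added Go example (not part of the original message): a client accepts an update only when its signature verifies under a public key built into the client. Ed25519, the seed-derived demo keys and the names pinnedUpdateKey, signUpdate and verifyUpdate are assumptions; the message names no algorithm.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// demoKey derives a key pair from a constructed seed so the example is
// reproducible. A real vendor generates its key randomly and keeps it offline.
func demoKey(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

var (
	vendorKey = demoKey(0x42)
	// pinnedUpdateKey stands for the public key compiled into the browser.
	pinnedUpdateKey = vendorKey.Public().(ed25519.PublicKey)
	errBadSignature = errors.New("update rejected: not signed by the pinned update key")
)

// signUpdate is the vendor-side step (release infrastructure, not the client).
func signUpdate(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, payload)
}

// verifyUpdate is the client-side check: accept only if sig verifies over the
// exact payload bytes under the pinned key. How the bytes were fetched, and
// which CAs the TLS stack trusts, does not enter the decision.
func verifyUpdate(payload, sig []byte) error {
	if len(sig) != ed25519.SignatureSize || !ed25519.Verify(pinnedUpdateKey, payload, sig) {
		return errBadSignature
	}
	return nil
}

func main() {
	update := []byte("browser update, constructed payload")
	sig := signUpdate(vendorKey, update)
	fmt.Println("genuine update:       ", verifyUpdate(update, sig))

	tampered := append([]byte(nil), update...)
	tampered[0] ^= 0x01 // one flipped bit invalidates the signature
	fmt.Println("modified payload:     ", verifyUpdate(tampered, sig))

	otherSig := signUpdate(demoKey(0x13), update)
	fmt.Println("signed by another key:", verifyUpdate(update, otherSig))
}
```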