Alternative pinning scheme. Re: Proposing: Interactive Domain Verification Approval

2013-01-05 Thread Anders Rundgren
On 2012-12-31 16:18, Kai Engert wrote: I propose to more actively involve users into the process of accepting certificates for domains. If we get away from garbage like keygen, PKI-based authentication becomes a natural feature for mobile devices. This in itself renders the mentioned attacks

Secure credit-card payments? Re: Proposing: Interactive Domain Verification Approval

2013-01-01 Thread Anders Rundgren
On 2012-12-31 16:26, Kai Engert wrote: I propose to more actively involve users into the process of accepting certificates for domains. Although the recent CA failures cast a shadow over the web they have AFAIK not led to any major losses for anybody. The credit-card system OTOH is a major

Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
I propose to more actively involve users into the process of accepting certificates for domains. I envision a UI where users are required to approve once, whether the combination of a CA and a domain is acceptable to the user. The following UI would be shown whenever a user starts a connection

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 10:18, Kai Engert k...@kuix.de wrote: I propose to more actively involve users into the process of accepting certificates for domains. I envision a UI where users are required to approve once, whether the combination of a CA and a domain is acceptable to the user. The

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote: * user gets confused: what the heck is this screen? It's good if users are educated what is going on. We could have a switch to completely turn this off, if the user really doesn't care. * user realizes that pressing yes usually works so

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 11:06, Kai Engert k...@kuix.de wrote: On Mon, 2012-12-31 at 10:38 -0500, Eitan Adler wrote: * user gets confused: what the heck is this screen? It's good if users are educated what is going on. How is adding another annoying not-going-to-be-read dialog educating users?

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 11:17 -0500, Eitan Adler wrote: Expect the user to click yes to every dialog if prompted without reading. [*] note, I am not talking about people like you or I that have an understanding of the implications here. I am talking about the typical user that studies have

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Eitan Adler
On 31 December 2012 11:23, Kai Engert k...@kuix.de wrote: It could be an opt-in feature, advertised through some kind of notification popup. http://patrol.psyced.org/ ? https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/ ? -- Eitan Adler

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Kai Engert
On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote: I propose to more actively involve users into the process of accepting certificates for domains. I propose the following in addition: Each CA certificate shall have a single country where the CA organization is physically located (they

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Ryan Sleevi
On Mon, December 31, 2012 10:23 am, Kai Engert wrote: On Mon, 2012-12-31 at 16:26 +0100, Kai Engert wrote: I propose to more actively involve users into the process of accepting certificates for domains. I propose the following in addition: Each CA certificate shall have a single

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Julien Pierre
Ryan, On 12/31/2012 11:43, Ryan Sleevi wrote: So far, the two proposals are: 1) Nag the user whenever they want to make a new secure connection. This nag screen is not shown over HTTP, so clearly, HTTP is preferable here. 2) Respect national borders on the Internet. If anything, the more user