>>>There might be a useful compromise: the built-in/vendor-supplied roots >>>show a blue or a green address bar, and non-vendor-supplied roots show >a >>>yellow address bar. >> >> Bandages on a gushing artery. More irrelevant information for users >to ignore. > >Telling people that they are being intercepted and MITM'd is irrelevant >information?
Changing a color in the UI is unimportant if users cannot trust that this color/indication is correct or if they do not even understand what various shades of untrusted mean. What point is creating a UI to say you are being MIM'd if most of the time you would not get this indication even when you are MITM'd. Not all MITM will acknowledge that they are monitoring traffic. This is what we call an adversarial environment. If we were all friendly and worthy of trust we would agree to be gentlemen and never intercept traffic. Hence the analogy of taking one of those little sticky band-aids to patch a major bleed-out. Allowing the display of a "approved" MITM disregards the much more serious blood loss of the undetected MITM. I will concede that you could build such a MITM friendly browser for enterprise or Internet freedom challenged countries. It's short sited though to consider just this one use case. What about my TLS protected electric meter. I don't think it understands colors. What traffic is MITM acceptable and what is not? Exceptions to end-to-end security are much easier to design and deploy than getting it right for traffic that needs to be protected. Go ahead and build a MITM friendly system, but we need to solve the more important problem of unrecognized MITMs. Paul _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
