About SSL "Trick or Treat" Dialogs

From: Stef Walter <stef-list memberwebs com>
To: "desktop-devel-list gnome org" <desktop-devel-list gnome org>
Subject: About SSL "Trick or Treat" Dialogs
Date: Tue, 4 Dec 2007 14:29:08 +0000 (UTC)

Dan Winship got me thinking about the "unable to verify identify of this
certificate" dialogs we see in browsers when using self-signed or
otherwise unverifiable certificates.

I'm sure others have come to this conclusion: These are some of the most
useless dialogs that exist, a major cop out. They basically asking the
user something they can almost never possibly know.

I'd like to propose [1] that we do away with these dialogs in GNOME. In
my opinion if we cannot verify the certificate, then we should simply
not show the UI elements that indicate a secure connection. We should
just act as if the connection is like any other normal connection.

Here's my reasoning:

1. Obviously in the case of an unverifiable certificate it's possible
that only a portion of the connection (as in IP hops) is encrypted,
and/or we're connected to an unknown party.

2. The above are the exact same security properties of a normal non-SSL
TCP connection.

3. The whole point of the lock icon in the browser is the assurance to
the user that end to end encryption and trust has been established.

So why bother the user with the confusing question? The user will
probably want to connect to the site, so why not just treat it as a
non-secure connection?

Obviously a web site administrator probably has reasons for using a
self-signed certificate, such as encrypting traffic so logins don't go
in clear text. That's all very well, and will still work as intended,
but I don't think we need to bother the user with such trivia. [2]

Removing these dialogs doesn't 'solve' security on the Internet [3], but
I think it will make things far less confusing for the user while
maintaining the same level of security.

Cheers,
Stef Walter


[1] And it really is just a proposal as I'm not a direct developer of
any software that displays these dialogs.

[2] We may want an option on the menu, which has a simple way of marking
the current website's certificate as trusted. But its not something to
bring to the attention of every user at each visit to these websites.

[3] You'll want to start with DNS if that's your goal.

Follow-Ups:
- Re: About SSL "Trick or Treat" Dialogs
  - From: Adam Schreiber
- Re: About SSL "Trick or Treat" Dialogs
  - From: Owen Taylor
- Re: About SSL "Trick or Treat" Dialogs
  - From: Xavier Bestel

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]