Re: About SSL "Trick or Treat" Dialogs

On Wed, 2007-12-05 at 00:34 +0000, Stef Walter wrote:
> Owen Taylor wrote:
> > If you are connecting on an insecure network (say coffee shop wireless)
> > then a https connection to an untrusted certificate is a distinctly weak
> > form of security. 
> > 
> > It tells you that you have a encrypted connection to *somebody*.
> > 
> > - Owen
> > 
> > (And note that Stef's proposal doesn't just greenlight a connection to
> >, it greenlights a https connection to a
> > DNS-spoofed
> Neither or a DNS spoofed https site would be
> 'greenlighted' under my proposal. Just the opposite. It would be treated
> just like the untrusted connection that it is.

If I have a bookmark (or link) to and I go there, and
I see my banking site, and even the correct https URL in my browser
line, and the only indication that something went wrong is that the
I don't get a lock icon, that's not greenlighting?

You can't expect people to be warned by the *absence* of something.

If you put a big red bar over the page and said:


*That* might work. 

(Sure, ssh-style checking against history would help, in certain
cases, but you are still losing much of the strength of https.)

> A TCP connection is basically untrusted. And an SSL connection to
> someone we can't verify is the same from a trust perspective.
> Of course, if someone (like Pat with his mail server) has noted a
> specific certificate to be trust worthy, then it will be treated as
> trusted whether or not we have a root CA for it.
> But presenting the user with the choice every time is wrong in my opinion.

Yes, asking the user is wrong... TLS was designed to have central
signing authorities. To make it work as designed, you have to *DENY* the
self-signed case and force server admins to do one of:

 A) Buy a cert from an existing CA
 B) Work with others to create an alternate CA system 
 C) Tell their users how to install a certificate

- Owen

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]