On Wed, 2007-12-05 at 00:34 +0000, Stef Walter wrote: > Owen Taylor wrote: > > If you are connecting on an insecure network (say coffee shop wireless) > > then a https connection to an untrusted certificate is a distinctly weak > > form of security. > > > > It tells you that you have a encrypted connection to *somebody*. > > > > - Owen > > > > (And note that Stef's proposal doesn't just greenlight a connection to > > https://bugs.freedesktop.org, it greenlights a https connection to a > > DNS-spoofed https://mybank.com.) > > Neither bugs.freedesktop.org or a DNS spoofed https site would be > 'greenlighted' under my proposal. Just the opposite. It would be treated > just like the untrusted connection that it is. If I have a bookmark (or link) to https://mybank.com and I go there, and I see my banking site, and even the correct https URL in my browser line, and the only indication that something went wrong is that the I don't get a lock icon, that's not greenlighting? You can't expect people to be warned by the *absence* of something. If you put a big red bar over the page and said: [ YOUR CREDIT CARD NUMBER IS BEING STOLEN RIGHT NOW ] *That* might work. (Sure, ssh-style checking against history would help, in certain cases, but you are still losing much of the strength of https.) > A TCP connection is basically untrusted. And an SSL connection to > someone we can't verify is the same from a trust perspective. > > Of course, if someone (like Pat with his mail server) has noted a > specific certificate to be trust worthy, then it will be treated as > trusted whether or not we have a root CA for it. > > But presenting the user with the choice every time is wrong in my opinion. Yes, asking the user is wrong... TLS was designed to have central signing authorities. To make it work as designed, you have to *DENY* the self-signed case and force server admins to do one of: A) Buy a cert from an existing CA B) Work with others to create an alternate CA system C) Tell their users how to install a certificate - Owen
Attachment:
signature.asc
Description: This is a digitally signed message part