On Wed, 7 May 2008 17:36:54 -0600 Neal McBurnett <[EMAIL PROTECTED]> wrote:
>On Thu, May 08, 2008 at 12:45:46AM +0200, Martin Pitt wrote:
>> Peio Ziarsolo [2008-05-07 13:03 +0200]:
>> > But for power users who know the significance of a bad certificate it's
>> > annoying to add exceptions (this morning I had to add 3 exceptions).
>>
>> This doesn't have anything to do with power users/n00bs. An invalid
>> SSL certificate isn't any better or worse depending on the type of
>> user. If a site sets up SSL with an invalid certificate, then this
>> buys the user nothing but a false sense of security.
>>
>> The proper approach to this IMHO is to make adding exceptions in all
>> web browsers (especially IE) as hard and explicit as in Firefox 3.
>> This would perhaps force site admins to get a grip and stop ignoring
>> broken SSL certs, once they get a flood of complaints.
>>
>> > Is there any key to toggle off this new feature?
>>
>> I *so much* hope that there isn't. People should really start to
>> understand that this is a SERIOUS error and shouldn't at all be
>> considered 'normal'.
>
>Invalid certs are one thing. But doesn't this also affect self-signed
>certs?
>
>Self-signed certs are appropriate for many use cases in which the goal
>is primarily encryption (e.g. to protect data flowing back from the
>server to the user), rather than e.g. protecting bank accounts by
>authenticating the server to the user. E.g. connecting to a local
>ebox management port, or a small community wiki.
>
>In many low-security situations, this change pushes server operators
>into buying pricey certs from certificate vendors who often offer
>little or no meaningful vetting and accept zero liability.
>
>This stuff is complicated, involves politics, and can't be painted
>with such a broad brush. Education is a big part of it, like with most
>security-related issues.
>
>The current warnings are confusing, and are being improved. Let's try
>to see to it that they communicate as well as possible. Otherwise too
>many grass-roots sites will just go back to asking folks to enter
>passwords over unencrypted connections, or users will get used to
>bypassing yet another set of dialogs and phishing will continue
>scarcely abated.
>
>E.g. how hard is it for folks to buy in to their own web of trust and
>get e.g. all CACert certs accepted?
>
> http://cacert.org
>

I think you are correct. This "improved security" may well have the
opposite result.

Additionally, a valid SSL cert for a particular domain does nothing to
solve phishing based on near-match (cousin) domains. Unlike email, exact
domain forgery is not the major problem. If I own paypa1.com, I can get a
valid SSL cert for it too. SSL (aka TLS) is about securing data from
external observation. Trying to overload it with a hierarchical CA cert
system does not provide substantial endpoint authentication. At best it
helps against exact domain spoofing (via DNS attacks). At worst it
increases user risk due to a false sense of security.

In my experience these kinds of U/I hurdles just annoy and desensitize
the user and do not provide any real security.

Scott K

-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
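[Editor's worked example, not part of the thread.] Scott's cousin-domain point
is easy to see in code: the only question TLS hostname validation asks is
"does a name in the certificate match the host I connected to?", and a
correctly issued cert for paypa1.com answers yes. Whether paypa1.com is a
look-alike of paypal.com is a different check that nothing in the CA system
performs. The script below is an added illustration of mine, not code from
the list, from Firefox or from any CA tool; it assumes a constructed
watch-list of "protected" domains, constructed certificate names, a toy
confusables table and a single-label public suffix (no co.uk handling).

```python
"""
Hostname check versus look-alike (cousin) domain check.

Added example for the mailing-list thread; it assumes constructed inputs
(watch-list, certificate names) and a toy confusables table.
"""
from typing import Iterable, Optional

# Visually confusable sequences folded to one canonical spelling so that
# "paypa1" and "paypal" compare equal. Toy table, not a full Unicode
# confusables list.
CONFUSABLES = {"1": "l", "0": "o", "rn": "m", "vv": "w"}


def hostname_matches(cert_name: str, host: str) -> bool:
    """RFC 6125-style match of a certificate name against the host the
    client actually connected to: case-insensitive exact match, or a
    single left-most wildcard label standing for exactly one label.
    This is the whole question TLS hostname validation answers."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name == host:
        return True
    if cert_name.startswith("*."):
        suffix = cert_name[1:]              # ".example.com"
        if host.endswith(suffix):
            prefix = host[: -len(suffix)]   # what the "*" stood for
            return prefix != "" and "." not in prefix
    return False


def registrable_label(host: str) -> str:
    """Second-level label ('paypal' for 'www.paypal.com'). Assumes a
    single-label public suffix; no co.uk-style handling."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def fold_confusables(label: str) -> str:
    """Replace each confusable sequence with its canonical form."""
    out = label
    for src, dst in CONFUSABLES.items():
        out = out.replace(src, dst)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def cousin_of(host: str, protected: Iterable[str],
              max_distance: int = 1) -> Optional[str]:
    """Return the protected domain that `host` imitates, or None when it
    is the genuine domain (or a subdomain of it) or simply unrelated."""
    labels = host.lower().rstrip(".").split(".")
    label = registrable_label(host)
    brands = {registrable_label(b): b for b in protected}
    if label in brands:
        return None                      # the real site, not a cousin
    for b_label, brand in brands.items():
        if b_label in labels[:-2]:       # brand used as a decoy subdomain
            return brand
        if fold_confusables(label) == fold_confusables(b_label):
            return brand
        if edit_distance(label, b_label) <= max_distance:
            return brand
    return None


def assess(host: str, cert_names: Iterable[str],
           protected: Iterable[str]) -> dict:
    """Both answers side by side: the cert can be perfectly valid for the
    host while the host is still a look-alike of another site."""
    return {
        "host": host,
        "cert_matches_host": any(hostname_matches(n, host) for n in cert_names),
        "cousin_of": cousin_of(host, protected),
    }


if __name__ == "__main__":
    PROTECTED = ["paypal.com"]            # constructed watch-list
    # Constructed: the attacker's own, correctly issued cert for paypa1.com,
    # and the genuine wildcard cert for paypal.com.
    for host, names in [("paypa1.com", ["paypa1.com", "www.paypa1.com"]),
                        ("www.paypal.com", ["*.paypal.com"])]:
        print(assess(host, names, PROTECTED))
```

Run it and paypa1.com comes back with cert_matches_host True and
cousin_of "paypal.com": the certificate is valid and the site is still a
phish. The decoy-subdomain branch (paypal.com.secure-login.net) and the
edit-distance branch (paypall.com) go a little beyond the single example in
the thread; all three are the same class of attack that a valid cert does
not address.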