On 03/24/2014 10:36 AM, Keith Moore wrote:

> Yes, it's more work and expense for a site to maintain valid CA-signed
> certs.  But if clients complain when they're not there, providing
> CA-signed certs becomes "part of the cost of doing business", just like
> maintaining DNS records, keeping software up-to-date, and so forth.

I think you're making an argument about visibility to the user, not
about actual best practices.

I note that many large organizations regularly do *not* pay "the cost of
doing business", especially in terms of keeping software up-to-date,
witness the huge deployments of Windows XP and Windows Server 2003
expected to still be in use long after Microsoft's long-delayed
end-of-life of the OS.  Keeping software up-to-date is generally *not*
visible to the user, and thus isn't considered a "cost of doing business".

Keeping accurate DNS records *is* part of the cost of doing business,
because users can't see an organization's network services if they can't
find the address.

Since all of the "opportunistic" proposals I've seen indicate that the
use of opportunistic crypto will not be visible to the user, the
incentives for well-authenticated endpoints will remain the same as they
currently are: services which fail to get some flavor of strong
authentication (whether that's PKIX or DANE or something else) will not
get to see any "this connection is secure" UI decorations.  That is,
this *is* a visibility-to-the-user issue, and the user sees the same old
insecure state.  So if "having a visibly secure connection" is the cost
of doing business, opportunistic encryption is not enough.

Users should *not* be told that communications are "secure" when they
are vulnerable to trivial active attack.

        --dkg
