Who's afraid of Mallory Wolf?

Jeroen C. van Gelderen jeroen at vangelderen.org
Tue Mar 25 13:29:43 EST 2003


On Tuesday, Mar 25, 2003, at 12:28 US/Eastern, bear wrote:

> On Tue, 25 Mar 2003, Anne & Lynn Wheeler wrote:
>
>> the other scenario that has been raised before is that the browsers treat
>> all certification authorities the same .... aka if the signature on the
>> certificate can be verified with any of the public keys in a browser's
>> public key table ... it is trusted. in effect, possibly 20-40 different
>> manufacturers of chubb vault locks .... with a wide range of business
>> process controls ... and all having the same possible backdoor.
>> Furthermore, the consumer doesn't get to choose which chubb lock is being
>> chosen.
>
> Of course the consumer gets to make that choice.  I can go into my browser's
> keyring and delete root certs that have been sold, ever.  And I routinely
> do.  A fair number of sites don't work for me anymore, but I'm okay with
> that.

Go tell that to Joe Average. Or your mom. Or my sister. Or the average 
MSN user. You know, the insignificant group of people that make up the 
majority of the Internet population these days.

"If the lock icon is displayed it is safe."

Of course the consumer doesn't get to choose. Just like the consumer 
never, ever gets to use all of the features on his VCR[*]. This is a 
software agent deficiency. A UI issue: presently the UI doesn't 
facilitate the consumer in making that choice.

Cheers,
-J

[*] I'm *not* talking about TiVo here, just about old-fashioned VCRs.
-- 
Jeroen C. van Gelderen - jeroen at vangelderen.org

"Be precise in the use of words and expect precision from others"
                      -- Pierre Abelard


---------------------------------------------------------------------
The Cryptography Mailing List