browser vendors and CAs agreeing on high-assurance certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Dec 21 07:10:49 EST 2005


"James A. Donald" <jamesd at echeque.com> writes:

>If no attacks, this is just an excuse for higher priced holy water, an 
>attempt to alter the Browser interface to increase revenue, not increase 
>security - to solve the CA's problem, not solve the user's problem.

That's a somewhat cynical view :-) of what I'd seen it as, a case of looking for 
the dropped contact lens where the light is.  The CAs and auditors are in the
business of auditing and checking, so they try and address the phishing problem 
by adding more auditing and checking to the cert issue process because that's 
the only thing they can do.  To grab a few chunks from an article on security 
usability that'll be published Real Soon Now (note that this is a summary of 
much preceding text containing examples of each of the cases mentioned below):

  The security model used with SSL server certificates might be called honesty-
  box security: In some countries newspapers are sold on the street by having a 
  box full of newspapers next to a coin box (the honesty box) into which people 
  are trusted to put the correct coins before taking out a paper. Of course they 
  can also put in a coin and take out all the papers, or put in a washer and 
  take out a paper, but most people are honest and so most of the time it works. 
  SSL's certificate usage is similar. If you use a $495 certificate, people will 
  come to your site. If you use a $9.95 certificate, people will come to your 
  site. If you use a $0 self-signed certificate, people will come to your site. 
  If you use an expired or invalid certificate, people will come to your site. 
  If you're a US financial institution and use no certificate at all but put up 
  a message reassuring users that everything is OK, people will come to your 
  site. In medical terms, the effects of this "security" are indistinguishable 
  from placebo.

  In fact the real situation is even worse than this. Although there has been 
  plenty of anecdotal evidence of the ineffectiveness of SSL certificates over 
  the years, it wasn't until mid-2005 (ten years after their introduction) that 
  a rigorous study of their actual effectiveness was performed. This study, 
  carried out with computer-literate senior-year computer science students (who 
  one would expect would be more aware of the issues than the typical user) 
  confirmed the anecdotal evidence that invalid SSL certificates had no effect 
  whatsoever on users visiting a site.

  [...]

  A contributing factor in the SSL certificate problem is the fact that security 
  warnings presented to the user often come with no supporting context. Since 
  web browsers implicitly and invisibly trust a large number of CAs, and by 
  extension a vast number of certificates, users have no idea what a certificate 
  is when an error message mentioning one appears. One user survey found that 
  many users assumed that it represented some form of notice on the wall of the 
  establishment, like a health inspection notice in a restaurant or a Better 
  Business Bureau certificate, a piece of paper that indicates nothing more than 
  that the owner has paid for it (which is indeed the case for most SSL 
  certificates). Users were therefore dismissive of "trusted" certificates, and 
  as an extension cared equally little about "untrusted" ones.

  This user conditioning presents a somewhat difficult problem. Psychologists 
  have performed numerous studies over the years that examine people's behaviour 
  once they've become habituated into a particular type of behaviour and found 
  that, once acquired, an (incorrect) "whirr, click" response is extremely 
  difficult to change, with users resisting attempts to change their behaviour 
  even in the face of overwhelming evidence that what they're doing is wrong. 

So, as you say, high-assurance certs are solving a CA and regulation-setter 
problem, not a phishing problem.

It'll be interesting to see how things look in a year's time.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com