PKI too confusing to prevent phishing, part 28

Paul Hoffman paul.hoffman at vpnc.org
Mon Sep 26 18:13:46 EDT 2005 

At 9:39 PM +0200 9/26/05, Amir Herzberg wrote:
>>>Is PKI the cause of this? I think not. This is a usability problem.
>>>
>>>We try to fix this problem (and similar problems) with TrustBar. 
>>>Indeed we even had incidents where people on the TrustBar team 
>>>itself, and some security experts using TrustBar, thought there is 
>>>a bug - why does TrustBar display `Bad Certificate` warning, when 
>>>FireFox says the site is protected fine? But then we found out it 
>>>was simply a self-signed site, or a site signed by a CA not in the 
>>>list of the browser, or the most hard-for-users: a site with a 
>>>certificate whose issuer is specified as Verisign (say), but with 
>>>a wrong public key... this last one is really tricky; even expert 
>>>users get confused in identifying this, even when using the 
>>>certificate details dialogs (I checked for FireFox and IE).
>>
>>
>>To me, the first paragraph contradicts the second paragraph. 
>>Actually, the third sentence of the first paragraph contradicts the 
>>first two sentences of that paragraph.
>I didn't understand this. Please clarify.

If it is an inherent usability problem (users not understanding why 
there are trust anchors they have never heard of in their browser, 
users not understanding what a hierarchy is, users not understanding 
revocation, users not understanding the difference between a 
hierarchy and self-signed certs, and so on), then PKI is the cause of 
the problem.

>>Looking at decades of experience with PC software, it seems 
>>unlikely that TrustBar or anything like it will be deployed and 
>>understood by typical users. It is fine to help increase the 
>>security for a small (possibly tiny) audience, but please do not 
>>conflate that with making the whole market more noticeably secure.
>Please justify this assertion. Do you think this is the case simply 
>since users will not install it (being an extension)?

Correct, although for more reasons than just because it is an 
extension. Mostly, they will be suspicious of it unless it comes from 
the browser maker, and in fact because it comes from someone they 
have never heard of. Why should they trust their security to anyone 
other than Microsoft?

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list