delegating SSL certificates
Jon Callas
jon at callas.org
Mon Mar 17 15:00:24 EDT 2008
On Mar 16, 2008, at 8:50 AM, John Levine wrote:
>>> So at the company I work for, most of the internal systems have
>>> expired SSL certs, or self-signed certs. Obviously this is bad.
>>
>> You only think this is bad because you believe CAs add some value.
>
> Presumably the value they add is that they keep browsers from popping
> up scary warning messages. There are all sorts of reasonable
> arguments to be made that the browsers are doing the wrong thing (and
> the way that Microsoft prevents you from ever deleting any of their
> preinstalled CA certs is among the wrongest.)
Yes, but.
If a browser handled unknown certificates similarly to the way SSH
does -- to alert the user when it sees an unknown, unrooted
certificate, and then only again when there is a mis-match, you would
have an incentive to get a CA certificate (because businesses don't
want their customers to see that scary message even once), while
supporting ad-hoc infrastructures.
This would require only software changes, not changes in the trust
models, CAs, procedures, etc.
A wicked person would suggest that this is because the present system
was designed to support the business model, not the security model.
I'm not a wicked person and would never suggest that.
Jon
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list