A mighty fortress is our PKI, Part II
Paul Tiemann
paul.tiemann.usenet at gmail.com
Wed Jul 28 17:30:08 EDT 2010
On Jul 28, 2010, at 10:37 AM, Perry E. Metzger wrote:
> As to OCSP being a reasonable solution because it can be deployed
> easily, it clearly will not solve the browser security problem. So
> long as security depends on reliance on the lowest common denominator
> among the policies of hundreds of CAs, many of which are quite
> questionable, and so long as the certifications made by even the best
> of those CAs are effectively meaningless, and so long as the users are
> well trained to ignore every browser warning they ever get, the entire
> question of OCSP is somewhat irrelevant -- it would just be a way of
> spritzing the skunk with eau de cologne.
>
> I fully recognize that the odds we will fix the browser security
> problem are very low, if only because no one can deploy a truly new
> solution in a world where we can't even get IE 6 to die.
>
> However, in discussing this at a high level, as though we could
> improve things, we shouldn't kid ourselves about the current model. It
> is fatally broken. Hanging garlands from the corpse's ears will not
> convince anyone that it has a vibrant future ahead.
"it will CLEARLY not solve the browser security problem."
"the certifications made by even the best of those CAs are effectively MEANINGLESS"
"the users are well trained to ignore EVERY browser warning they EVER get"
"the ENTIRE question of OCSP is somewhat irrelevant."
"spritzing the SKUNK with eau de cologne."
"hanging garlands from the corpses ears."
That's all expressed in very certain terms.
Is OCSP _that_ hopeless?
You were kind enough to suggest Orwell to Jay at Edgecast (and possibly also to me.) I read it, liked it, and I'm glad you sent it. I sincerely think we can all learn from these two references:
A great essay by Neil Postman:
http://criticalsnips.wordpress.com/2007/07/22/neil-postman-bullshit-and-the-art-of-crap-detection/
And Ben Franklin's advice, with one paragraph excerpted below:
http://grammar.about.com/b/2009/06/01/how-to-argue-like-ben-franklin-and-lieutenant-columbo.htm
And as the chief Ends of Conversation are to inform or to be informed, to please or to persuade, I wish well-meaning sensible men would not lessen their Power of doing Good by a Positive assuming Manner that seldom fails to disgust, tends to create Opposition, and to defeat every one of those Purposes for which Speech was given to us, to wit, giving or receiving Information or Pleasure: For If you would inform, a positive dogmatical Manner in advancing your Sentiments, may provoke Contradiction & prevent a candid Attention. If you wish Information and Improvement from the Knowledge of others and yet at the same time express your self as firmly fix'd in your present Opinions, modest sensible Men, who do not love Disputation, will probably leave you undisturb'd in the Possession of your Error; and by such a Manner you can seldom hope to recommend your self in pleasing your Hearers, or to persuade those whose Concurrence you desire.
(Part One of The Autobiography of Benjamin Franklin, 1793; from The Library of America edition of Benjamin Franklin: Writings, 1987)
All the best,
Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list