[Cryptography] "Trust in digital certificate ecosystem eroding"

Howard Chu hyc at symas.com
Tue May 5 04:12:21 EDT 2015

Michael Kjörling wrote:
> On 2 May 2015 10:00 +0100, from hyc at symas.com (Howard Chu):
>> I would start by shipping all the currently bundled CAs in disabled
>> state. Every time you hit a new web site, prompt for whether to
>> trust it's chain or not, and also display a counter of how many
>> times you have trusted a site using this CA. I.e., I want to know
>> how many of the thousands of CAs being shipped are actually useful
>> in my own browsing patterns. The rest have no business being enabled
>> in the first place.
> The problem with this is (and many other approaches that burden end
> users with security-critical decisions) that the vast majority of
> users simply want to proceed to www.funnymovieswithcutekittens.com or
> whatever other site they were trying to get to. So they will click
> "proceed" or whatever the button is labelled, all the while thinking
> "why are you bugging me? just get out of my way, computer!".

I said "I would start" - I didn't say "here is a complete solution for 
you." My point is that at the moment, not you nor anyone else has any 
actual metrics on the scope of the problem. In particular, software 
today doesn't provide *any* way for an individual user to see how many 
sites they used are at-risk/compromised when a particular CA is 
compromised. Whether any percentage of users will act on the information 
is irrelevant/vacuously true since the information doesn't exist. And 
whether end-users care or not, it's valuable information for the 
responsible sysadmins.

You can't design the fix before you've accurately scoped the problem.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list