[Cryptography] "Trust in digital certificate ecosystem eroding"
Howard Chu
hyc at symas.com
Tue May 5 04:12:21 EDT 2015
Michael Kjörling wrote:
> On 2 May 2015 10:00 +0100, from hyc at symas.com (Howard Chu):
>> I would start by shipping all the currently bundled CAs in disabled
>> state. Every time you hit a new web site, prompt for whether to
>> trust its chain or not, and also display a counter of how many
>> times you have trusted a site using this CA. I.e., I want to know
>> how many of the thousands of CAs being shipped are actually useful
>> in my own browsing patterns. The rest have no business being enabled
>> in the first place.
>
> The problem with this is (and many other approaches that burden end
> users with security-critical decisions) that the vast majority of
> users simply want to proceed to www.funnymovieswithcutekittens.com or
> whatever other site they were trying to get to. So they will click
> "proceed" or whatever the button is labelled, all the while thinking
> "why are you bugging me? just get out of my way, computer!".

I said "I would start" - I didn't say "here is a complete solution for
you." My point is that at the moment, neither you nor anyone else has any
actual metrics on the scope of the problem. In particular, software
today doesn't provide *any* way for an individual user to see how many
sites they used are at-risk/compromised when a particular CA is
compromised. Whether any percentage of users will act on the information
is irrelevant/vacuously true since the information doesn't exist. And
whether end-users care or not, it's valuable information for the
responsible sysadmins.

You can't design the fix before you've accurately scoped the problem.

--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
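
The per-CA counter discussed in this message, as an added example that is not part of the original post or any browser's code: it tallies which root CA each visited site chained to, lists the sites exposed if one root is compromised, and lists bundled roots that were never used. The `host|root` log format, the CA names and the hosts are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample data: CA names and hosts are placeholders, not measurements.
BUNDLED_ROOTS = {"Example Root A", "Example Root B",
                 "Example Root C", "Example Root D"}

# Hypothetical log format: visited host, then the root its validated chain ended at.
VISIT_LOG = """\
mail.example.org|Example Root A
www.example.com|Example Root A
MAIL.example.org|Example Root A
shop.example.net|Example Root B
www.example.com|Example Root A
intranet.example.test|Unbundled Private Root
not-a-valid-line
"""

def tally(log_text):
    """Return {root: {host: visit_count}} built from 'host|root' lines."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        host, sep, root = line.strip().partition("|")
        if not sep or not host or not root:
            continue  # skip blank or malformed lines instead of guessing
        usage[root.strip()][host.strip().lower()] += 1
    return usage

def exposure(usage, root):
    """Distinct sites this user reached through `root` (at risk if it is compromised)."""
    return sorted(usage.get(root, {}))

def unused_roots(usage, bundled):
    """Bundled roots that never anchored a chain in this user's browsing."""
    return sorted(set(bundled) - set(usage))

def report(usage, bundled):
    """Rows of (root, distinct_sites, total_visits, is_bundled), busiest root first."""
    rows = [(root, len(hosts), sum(hosts.values()), root in bundled)
            for root, hosts in usage.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    usage = tally(VISIT_LOG)
    for row in report(usage, BUNDLED_ROOTS):
        print("%-24s sites=%d visits=%d bundled=%s" % row)
    print("never used:", ", ".join(unused_roots(usage, BUNDLED_ROOTS)))
```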