Peter Saint-Andre wrote:
>
> For context, the "quoted advice" is mostly a description of current
> usage in some existing user agents. Incorporating Barry's suggestions,
> that text currently reads as follows in our working copy:
>
>    Security Note: Some existing interactive user agents give advanced
>    users the option of proceeding despite an identity mismatch.
>    Although this behavior can be appropriate in certain specialized
>    circumstances, in general it ought to be exposed only to advanced
>    users and even then needs to be handled with extreme caution, for
>    example by first encouraging even an advanced user to terminate
>    the connection and, if the advanced user chooses to proceed
>    anyway, by forcing the user to view the entire certification path
>    and only then allowing the user to accept the certificate on a
>    temporary basis (i.e., for this connection attempt and all
>    subsequent connection attempts for the life of the application
>    session, but not for connection attempts during future application
>    sessions).

This whole paragraph is evil and completely wrong.

It's bad enough that the web browser crowds replaced a useful option and important security feature with an extremely evil scary page. The IETF should definitely not put this nonsense into a BCP or standard.

Offering to end-users, in a single-time-only leap-of-faith approach similar to what SSH has been successfully doing since its invention, to memorize the peer's certificate is magnitudes more secure than the endpoint identification linking to one of a hundred trust anchors, provisionally preconfigured by your software supplier.

The IETF, its standards & BCPs ought to stand clear from recommendations that impair the usability or incur additional cost for using the TLS technology between components of home networks.

The scary-pages presented by newer browsers and the UI suggestions in the quoted paragraph amount to turning the entire TLS technology into "nagware" for commercial pre-trusted CAs. The most recent browser scary-pages are worse than most nagware.

I'm not intimidated on the initial install of my DSL-router, neither when logging in to the webadmin page for the first time, nor when configuring my WPA2-PSK key. Why on earth am I intimidated so badly when I activate TLS for the webadmin UI of my home NAS and connect to it with my browser for the first time?

Can't we do better than specifying that the use of HTTP over TLS instead of HTTP-only to access devices on my home network should not be allowed to users that are not "advanced", and even those must be badly intimidated when they try?

Even when servers use server certs from commercial pre-trusted CAs, the options for end users to manually confirm the server cert to have it cached/memorized and verified on future visits will significantly improve the security for the user, because it protects from later subversion of (the issuing procedures) of any of the thousands of CAs signed by any of the hundred preconfigured trust anchors as well as bugs such as the OID-integer wraparound and NUL-character in Hostname.

-Martin

_______________________________________________
certid mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/certid
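
The memorize-on-first-contact check argued for in the message above, as an added example that is not part of the original post or of any user agent's code. `PinStore`, `decide`, the JSON file layout and the byte strings standing in for DER certificates are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import json
import os

FIRST_USE, MATCH, MISMATCH = "first-use", "match", "mismatch"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER certificate, e.g. from getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Hypothetical per-user store mapping host:port to a memorized fingerprint."""

    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def check(self, host: str, port: int, der_cert: bytes) -> str:
        known = self.pins.get(f"{host.lower()}:{port}")
        if known is None:
            return FIRST_USE
        # Constant-time compare; any change of certificate is a mismatch.
        return MATCH if hmac.compare_digest(known, fingerprint(der_cert)) else MISMATCH

    def remember(self, host: str, port: int, der_cert: bytes) -> None:
        self.pins[f"{host.lower()}:{port}"] = fingerprint(der_cert)
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate the pins


def decide(store: PinStore, host: str, port: int, der_cert: bytes,
           user_confirms: bool = False) -> str:
    """Return 'accept', 'ask' (first contact, unconfirmed) or 'reject'."""
    state = store.check(host, port, der_cert)
    if state == MATCH:
        return "accept"
    if state == MISMATCH:
        return "reject"  # applies even if the new chain validates to a trust anchor
    if user_confirms:
        store.remember(host, port, der_cert)
        return "accept"
    return "ask"


# Constructed stand-ins for DER certificates (not real certificates).
CERT_A = b"constructed-der-bytes: home NAS certificate A"
CERT_B = b"constructed-der-bytes: different certificate B"
```

The pin is keyed on host and port and persists across application sessions, which is the difference from the temporary, session-only acceptance in the quoted Security Note.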
