bob and all, I think Bob's exactly right here. Thanks bob for being so concise. >:)
-----Original Message----- >From: Robert Relyea <[email protected]> >Sent: Sep 24, 2010 5:00 PM >To: [email protected] >Cc: [email protected], [email protected], [email protected], [email protected], >[email protected], [email protected] >Subject: Re: [TLS] [secdir] secdir review of > >On 09/24/2010 01:29 PM, Martin Rex wrote: >> Peter Saint-Andre wrote: >> >>> For context, the "quoted advice" is mostly a description of current >>> usage in some existing user agents. Incorporating Barry's suggestions, >>> that text currently reads as follows in our working copy: >>> >>> Security Note: Some existing interactive user agents give advanced >>> users the option of proceeding despite an identity mismatch. >>> Although this behavior can be appropriate in certain specialized >>> circumstances, in general it ought to be exposed only to advanced >>> users and even then needs to be handled with extreme caution, for >>> example by first encouraging even an advanced user to terminate >>> the connection and, if the advanced user chooses to proceed >>> anyway, by forcing the user to view the entire certification path >>> and only then allowing the user to accept the certificate on a >>> temporary basis (i.e., for this connection attempt and all >>> subsequent connection attempts for the life of the application >>> session, but not for connection attempts during future application >>> sessions). >>> >> This whole paragraph is evil and completely wrong. >> >> It's bad enough that the web browser crowds replaced a useful option >> and important security feature with an extremely evil scary page. >> > >No, this paragraph is exactly what should happen. Click through dialogs >are demonsterably useless. They train users to ignore them. The only >place for them is if you decide that validation is not necessary. >> Offering to end-users, in a single-time-only leap-of-faith approach similar >> to what SSH has been successfully doing since its invention to memorize >> the peers certificate is magnitudes more secure than the endpoint >> identification linking to one of a hundred trust anchors, provisionally >> preconfigured by your software supplier. >> >SSH is good for small numbers of point to point connections where the >user controls both sides. SSH model is not appropriate for the general >population connection to millions of webservers. That is why SSH is used >extensively in admin deployments (where the admin controls both >machines) and is not used for e-commerce. If you want that semantic use >SSH. If you want security for the masses, use SSL (with full PKI). > > >[ case where SSL is being used for an SSH use case deleted] > >bob > Regards, Jeffrey A. Williams Spokesman for INEGroup LLA. - (Over 300k members/stakeholders and growing, strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail [email protected] Phone: 214-244-4827 _______________________________________________ certid mailing list [email protected] https://www.ietf.org/mailman/listinfo/certid
