Automatically generated self-signed FREEDOM CERTIFICATES, as a convenient temporary measure until widespread Anonymous Diffie-Hellman is deployed in the field, would appear to strike the quickest and most cost-effective blow for Browsing Liberty [2].
Even if Anonymous DH were widely deployed, it might be better to use self-signed certs, or certs signed by an untrusted root - the browser could remember the cert, and warn the user "this site has a different identity than last time". Or the browser could log the certs that are used for connections, and at some later date, if the user suspected MITM attacks, the user could review the logs for discrepancies - thus giving, if not "tamper resistance" against MITM attacks, at least the possibility for post-facto "tamper detection".
However, changing https to allow untrusted root certs without warnings might not be a good idea - users expect an https URL to be authenticated, so this changes the semantics.
Maybe unauthenticated, i.e. "opportunistic", encryption in HTTP with SSL/TLS should happen via something like the RFC 2817 upgrade mechanism? (I believe this particular mechanism has problems.) The server could advertise that it supports opportunistic encryption, and a browser could choose it automatically, and the user wouldn't even be notified. Then https semantics could be left unchanged.
Trevor
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]