Heikki Toivonen wrote: > I fail to see this. What is not changeable? What do you propose instead?
Gerv is pretty adamant about supporting EV, and doesn't seem swayed at all by any arguments and discounts everything everyone has said in the past, yet so readily accepts Verisign's proposals... > Some people have pushed for making SSL errors such that you cannot just > click OK and proceed to the site. I'd like to see that happen. The thing > that seems to be holding this back is the fear of misconfigured sites > becoming inaccessible. In any case, that can be done with or without EV > certs. This might be good or bad, disabling click through might end up making people disable SSL altogether, would that be better, perhaps at least there wouldn't be an assumption of privacy, although even with SSL things could be subverted by Governments. > I fail to find the logic in not letting me know the identity of the > website operators I want to do business with. ok this is the crux of my argument, the problem I have isn't with the proposal, it is with the assumptions being stated as fact surrounding it, ie "This will make users safer" which is a load of crap, since most people shopping online may or may not be in a position to sue, and law enforcement may or may not be more willing to do anything about any transgressions. We can assume (with some certainty, anyone that has dealt with small companies will know how much they can penny pinch) because of cost very few people will purchase EV certificates, in my opinion it will be a really small amount, perhaps 1, or at most 2% of all certificates purchased (I think someone else mentioned that Verisign only expects 1%), so we are left with a situation of EV certificates only covering 1% of business, this will either discriminate against small business that doesn't have a business case to pay exorbitant fees for SSL certificates or they will simply not use SSL at all so there is no warnings presented to users, this could have a very negative effect rather then a positive one. > Hmm, so is your suggestion that instead of EV we should use something > like petnames instead? I don't think petname-like systems alone can > solve the problem nor do I think EV alone can solve the problem. I think > we need both. This thread is about discussing EV. I don't think we need EV certificates, it's a thinly veiled attempt at retaining a monopoly position, however it has the potential to back fire and put users at more risk, not less. People have been creating relationships for a very long time with business without having some 3rd party tell them the relationship will be good or bad (word of mouth is still the best form of advertising). The bigger issue here is identity checks don't show trust, they show identity, Gerv is saying this is ok because the checks are extensive enough that you will be able to sue someone, but this isn't always the case, take Enron for example, I'm sure before all that happened with them people would have said they were trustworthy. What is needed is research into safer browsing, not assumptions by one company designed to let it keep it's monopoly position in a market, this doesn't benefit users (how can it when most certs won't be EV?). I'm not saying trust bar et al are the answer, but at least the guys making those proposals have at least conducted research into what end users think when hitting sites and thinking out side of the whole PKI is the only way to do this box. Where is the research and studies conducted to say this is any better then what we have already? Where are the impact studies to show that this won't in fact lead to less SSL use, not better SSL use? In fact was any research or studies conducted to say this will do anything to protect users, or is this simply a thought exercise saying this is what we think is best for everyone and what we say goes? -- Best regards, Duane http://www.cacert.org - Free Security Certificates http://www.nodedb.com - Think globally, network locally http://www.sydneywireless.com - Telecommunications Freedom http://e164.org - Because e164.arpa is a tax on VoIP "In the long run the pessimist may be proved right, but the optimist has a better time on the trip." _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security