Ben Bucksch wrote:
I generally agree with the proposal. Mozilla should not treat all
classes the same. And it's an abstraction of EV, i.e. EV could be
treated as one class in this framework.
Nice!
Lesson 1: Don't treat all classes the same, because they simply are not
Lesson 2: Class 1 certs are insecure (but would be OK in an "SSH model")
Lesson 3: Not remembering certs and warning when they change is a
security risk (contrast to SSH model)
Eddy's proposal was about 1. 3 needs to be solved, too, but it's
harder and I'll save that for a later proposal.
As we discussed the "SSH model" previously, I'd like to mention a few
things here. Since most web site owners, after the expiry of the
certificate, create a new one for their site, a regular visitor would
receive a warning about once a year that the public key changed. This
perhaps would confuse a visitor, and the warning would result in another
"click-through" message, which of course is not the intention of what we
want here. This however can be improved if subscribers re-use the same
key and submit their previous CSR over and over again, provided that the
data didn't change. In such a case, the public key portion remains the
same, which wouldn't invoke the "SSH model" warning. I think this is an
interesting idea which should be further evaluated.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Phone: +1.213.341.0390
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
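The key-reuse idea above (an "SSH model" that remembers the public key rather than the certificate, so a renewal with the same key raises no warning) as an added example; this is not code from the thread or from Mozilla. It assumes a minimal DER walk to locate the SubjectPublicKeyInfo, and the `fake_spki`/`fake_cert` helpers build constructed skeleton certificates with toy keys for the demonstration.

```python
import hashlib

def _der(tag, content):
    """Minimal DER TLV encoder, used only to build the constructed sample certs."""
    n = len(content)
    if n < 128:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content

def _tlv(data, pos):
    """Decode the DER TLV header at pos -> (tag, value_start, value_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_fingerprint(cert_der):
    """SHA-256 over the SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    _, tbs_start, _ = _tlv(cert_der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, tbs_start)              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                                    # optional version [0]
        pos = end
    for _ in range(5):   # serial, signature alg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)                    # subjectPublicKeyInfo
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

class KeyPinStore:
    """SSH-style trust-on-first-use store keyed on the public key, not the cert."""
    def __init__(self):
        self.pins = {}
    def check(self, host, cert_der):
        fp = spki_fingerprint(cert_der)
        seen = self.pins.get(host)
        if seen is None:
            self.pins[host] = fp
            return "first-use"
        return "ok" if seen == fp else "key-changed"

# Constructed sample data: toy SPKIs and skeleton certificates, not real keys.
def fake_spki(key_bytes):
    rsa_oid = _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01")   # rsaEncryption
    return _der(0x30, _der(0x30, rsa_oid) + _der(0x03, b"\x00" + key_bytes))

def fake_cert(serial, spki):
    empty = _der(0x30, b"")                            # stand-in for other fields
    tbs = _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + empty * 4 + spki
    return _der(0x30, _der(0x30, tbs) + empty + _der(0x03, b"\x00"))
```

A renewed certificate with a new serial but the same key hashes to the same pin, so only a genuine key change produces the warning.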