On Feb 22, 2010, at 13:03, Nguyễn Đình Nam wrote:
>>
> I agree with you that you should revive the CA selection protocol, but
> we should also add one auditing layer above it anyway; it's an
> independent problem.

CAs are audited, AFAIK that's one of the basic requirements. If your problem is auditing or not trusting the processes in the CA, implement a multi-party CA.

>> Otherwise (as it was correctly observed in one of the previous messages),
>> we can add layers upon layers of "watcher watchers" without ever addressing
>> the fundamental problem.
> We don't need and don't want (near) absolute security, one auditing
> layer is reliable enough.
> Have you considered my argument of the financial report and the
> auditor? Even the most prestigious public company needs one layer of
> auditor, but one is enough for general use, not countless layers upon
> layers. Of course there are still layers of law above all of them.

Financial auditing has been shown to fail miserably, especially in the past years (think: Enron, the US banking industry, credit rating companies and so on). Yes, it is better than nothing, they learn from their mistakes and the overall level is not that bad. Even though their core business is selling trust, business per se can come first. It is a matter of personal beliefs and experiences and differences in cultures. But if asked to improve/re-design existing trust models (nothing to do with basic cryptography), I would not patch one central point of failure with another one. For me the real solution is basic education for users (there are fools who give out their PIN codes to the first one who'll ask, but that generation will soon be gone) and a web-of-trust kind of model and/or at least the trust decision would be done by human beings, not by the software.

The only real "upgrade" the X509/CA/SSL business ever had is this thing that only reveals itself via a minor UI improvement: a green bar. If you claim that the trust mechanism provided by TLS is not good enough and provide a solution that claims to fix it by "By default, there is no new user interface feature, for the users, it just works. Relevant parties will watch over the problem." I would say that you have failed. Why?

Because you can't fix a thing that is in fact a personal decision made by a living person with a solution that the user will never notice and which "relevant parties" will deal with.

Long story short: if you think it would be useful to users, implement it as an extension and see how it does. For me, extensions that trick the SSL layer or send out requests to the world wide web without me noticing are a NO-NO. Implementing this as a core service will probably not happen.

At the same time, it seems there are many (more than three) people on this list that think the current trust model could be re-designed and more control given to the user. What about joining the efforts and picking up/forking PSM/NSS to work in a different way?

-- 
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto