On 2012-12-31 16:26, Kai Engert wrote:
> I propose to more actively involve users into the process of accepting
> certificates for domains.
Although the recent CA failures cast a shadow over the web, they have AFAIK
not led to any major losses for anybody.
The credit-card system OTOH is a major source of losses and hassles.
IMO the only parties that can fix it are the browser vendors.
In the EU and Asia, hundreds of millions of EMV cards are in circulation,
but since there is no useful system on the Internet, these cards are
still equipped with mag-stripe and CCV "passwords" printed in clear on the back
of the cards, which makes them subject to attacks in spite of the chip.
What's Mozilla's take on this?
Anders
>
> I envision a UI where users are required to approve once, whether the
> combination of a CA and a domain is acceptable to the user.
>
> The following UI would be shown whenever a user starts a connection to a
> secure site, and the site uses a CA that has not yet been approved for
> the respective domain (or if the user uses a fresh computer or a fresh
> browser profile).
>
> The following UI would only be shown, if the certificate can otherwise
> be correctly chained up to a trusted CA - the scenario that we currently
> allow to proceed automatically.
>
> Inline comments regarding the UI are wrapped using <<< >>>.
>
> ======[begin UI]======
> You are trying to open a secure connection to a remote site:
> www.my-bank.xy
>
> A connection can be secure, if the remote site can prove to be the
> legitimate owner of the site.
>
> The remote site claims to be:
> Organization = My Bank
> Name = www.my-bank.xy
> Locality = My City, Country = XY
> [view complete site certificate]
>
> The site presented a certificate from this Certificate Authority (CA):
> Organization = "A trustworthy CA"
> Organizational Unit = Class n Certification Authority
> Country = XY
> [view complete CA certificate]
>
> <<<for domain validation certs>>>
> The CA claims to have verified that an owner of the domain is operating
> the remote site.
>
> <<<for extended validation certs>>>
> The CA claims to have verified the identity of the operator of the
> remote site, based on business registration documents, to be the
> registered owner of the site.
>
>
> Do you trust the Certificate Authority to have correctly verified the
> remote site, and that the verification is sufficient for your security
> needs?
>
> <<<user must make a choice, or the connection won't proceed>>>
> ( ) yes, for all sites in top level domain “.xy”
> ( ) yes, for all sites in domain “my-bank.xy”
> ( ) yes, for all sites in domain “www.my-bank.xy”
> (*) no, don't connect
>
> [ remember choice and continue ]
>
> <<<the system will remember the selected association of {CA, domain}>>>
> <<<future, different combinations of {CA, domain} will require another
> confirmation>>>
>
> ======[end of UI]======
>
> Crossposted to dev-security.
> Please follow-up to [email protected]
>
> Thanks and Regards,
> Kai
>
>
>
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
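One way to implement the remembered {CA, domain} approvals that Kai's quoted proposal describes, written as an added example for this thread; it is not code from Kai, Anders or Mozilla. Two details the proposal leaves open are assumptions of this example: the CA is identified by the SHA-256 fingerprint of its certificate rather than by its subject name, and each approval is stored as a (CA fingerprint, domain suffix) pair matched on whole DNS labels. The CA certificate bytes are constructed stand-ins.

```python
"""Remembered {CA, domain} approvals, modelled on the UI proposal above.

Added example for this thread; it is not code from Kai Engert, Anders or
Mozilla.  Assumptions made here that the proposal does not state:
  * a CA is identified by the SHA-256 fingerprint of its certificate (DER),
    not by its subject name, so two CAs with similar names stay distinct;
  * an approval is the pair (CA fingerprint, domain suffix), where the
    suffix is one of the three choices the UI offers.
"""
import hashlib
from enum import Enum


class Decision(Enum):
    REJECT = "reject"       # chain does not validate: today's behaviour, unchanged
    ASK_USER = "ask_user"   # chain validates but this {CA, domain} pair is new
    PROCEED = "proceed"     # an earlier approval covers this {CA, domain} pair


def ca_fingerprint(ca_cert_der: bytes) -> str:
    """Identity of the issuing CA as used in the approval store."""
    return hashlib.sha256(ca_cert_der).hexdigest()


def _labels(name: str) -> list[str]:
    return name.lower().rstrip(".").split(".")


def suffix_covers(scope: str, host: str) -> bool:
    """True if host lies inside the approved domain suffix.

    Comparison is on whole DNS labels, so an approval for "my-bank.xy"
    covers "www.my-bank.xy" but not "notmy-bank.xy".
    """
    host_l, scope_l = _labels(host), _labels(scope)
    return len(host_l) >= len(scope_l) and host_l[-len(scope_l):] == scope_l


def candidate_scopes(host: str) -> list[str]:
    """The choices the proposed dialog offers, widest first.

    For www.my-bank.xy: ["xy", "my-bank.xy", "www.my-bank.xy"].
    The middle entry is simply the last two labels, as in the proposal's
    example; a deployable version would consult the public suffix list so
    that a host under e.g. "co.uk" is not offered "co.uk" as its domain.
    """
    labels = _labels(host)
    choices = [labels[-1], ".".join(labels[-2:]), ".".join(labels)]
    return list(dict.fromkeys(choices))  # drop duplicates for short hosts


class ApprovalStore:
    """The per-profile memory of (CA fingerprint, domain suffix) pairs."""

    def __init__(self) -> None:
        self._approved: set[tuple[str, str]] = set()

    def remember(self, ca_fp: str, scope: str) -> None:
        self._approved.add((ca_fp, ".".join(_labels(scope))))

    def is_approved(self, ca_fp: str, host: str) -> bool:
        return any(fp == ca_fp and suffix_covers(scope, host)
                   for fp, scope in self._approved)


def evaluate(store: ApprovalStore, host: str, chain_valid: bool,
             ca_cert_der: bytes) -> Decision:
    """Decision for one connection, given the result of normal chain validation."""
    if not chain_valid:
        return Decision.REJECT
    if store.is_approved(ca_fingerprint(ca_cert_der), host):
        return Decision.PROCEED
    return Decision.ASK_USER


# Constructed stand-ins for two CA certificates; any distinct byte strings do.
CA_A_DER = b"constructed DER stand-in: A trustworthy CA"
CA_B_DER = b"constructed DER stand-in: some other trusted CA"


def walkthrough() -> dict[str, Decision]:
    """Replays the proposal's scenario and returns each step's decision."""
    store = ApprovalStore()
    out = {}
    # Fresh profile: the chain validates, but nothing is remembered yet.
    out["fresh_profile"] = evaluate(store, "www.my-bank.xy", True, CA_A_DER)
    # The user picks the middle option, "yes, for all sites in domain my-bank.xy".
    store.remember(ca_fingerprint(CA_A_DER), candidate_scopes("www.my-bank.xy")[1])
    out["same_ca_same_host"] = evaluate(store, "www.my-bank.xy", True, CA_A_DER)
    out["same_ca_sibling_host"] = evaluate(store, "login.my-bank.xy", True, CA_A_DER)
    out["same_ca_lookalike"] = evaluate(store, "notmy-bank.xy", True, CA_A_DER)
    # A different trusted CA presenting a cert for the same host is exactly the
    # case the proposal wants surfaced: a new {CA, domain} combination.
    out["other_ca_same_host"] = evaluate(store, "www.my-bank.xy", True, CA_B_DER)
    # A chain that does not validate never reaches the dialog.
    out["invalid_chain"] = evaluate(store, "www.my-bank.xy", False, CA_A_DER)
    return out


if __name__ == "__main__":
    for step, decision in walkthrough().items():
        print(f"{step:22s} -> {decision.value}")
```

The store is keyed on the CA certificate's fingerprint rather than on the "Organization" string shown in the dialog, so a second CA with a look-alike name, or a different intermediate of the same CA, produces a fresh prompt instead of silently reusing an old approval; whether that is the desired granularity (root vs. intermediate) is a design choice the proposal does not settle.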