(being random crypto chitchat of indirect importance
only!)
I'm curious about this - why is an ISP that provides
IMAP/SMTP requiring a CA signed cert? What's the
point of that? They already have a relationship with
the client that is far stronger than can be established
multilaterally with the CA.
I suspect people want a CA-signed cert for convenience: You don't need
to tell email users to download and approve an ISP-specific root CA
cert, or approve the actual ISP-generated IMAP or SMTP server certs.
I actually meant why are they using third party signed
certs at all? But you raise an interesting alternate,
being the ISP-specific CA. That makes some sort of
sense.
The fundamental issue is that when two parties
communicate, one of the (fairly minor) threats is to
be careful that the email is encrypted to the right
party and not to someone else. Now, if one is
sending email, then one already has a relationship,
so there is no need _a priori_ to bring in a third
party, as there may be with browsing in a retail
payments context.
In such applications as messaging (chat or email),
the OpenPGP approach wins over the S/MIME approach
because it lets people communicate without any
unfounded assumptions over who trusts who more.
(This is easy to see - if Thunderbird delivered with
OpenPGP it would spread like fire in a distillery.)
Which is all to say that if a CA is providing certs
for email users, that's fantastic. But this should
not be a *required* feature in the email clients.
The email clients should be able to communicate
without using those certs, and offer an upgrade
path later on.
If one does that, it may make it substantially
easier to decide how to deal with the root list
addition question: the user should be in control
of determining what a cert means, so there is
really no need for a mail CA to be constrained
in what practice statements it makes.
But one could make a counter-argument that this is no big deal: The
ISP already has to have the end user configure a bunch of ISP-specific
stuff (e.g., domain name for IMAP server and SMTP server, checkbox for
enabling SSL for those protocols, userid and password for IMAP and
authenticated SMTP, etc.), so adding configuration of an ISP-specific
root CA cert or server cert is not necessarily a big deal. (This is
what I did for the private site I administer -- created a private CA.)
Right, for IMAP servers and for SMTP servers, I
suspect the software is just crypto-shy, as you say,
and on install, it should just generate and proffer
the necessary certs to get going without fuss. In
fact, the set of options should include not accepting
any third-party certs, as when dealing with email
and the like, the existing relationship should be
used to transmit the certs and do any checking
required.
However I think people (including sysadmins) are so crypto-shy that
people see this as a very big deal indeed. I for one am amazed that
otherwise-intelligent sysadmins make elementary mistakes like reusing
server keys and certs for multiple SSL-enabled servers in a company,
so people have to click through warning dialogs just to use basic
services.
Even many security-knowledgeable IT professionals seem to turn their
brains off when it comes to crypto-enabled applications.
Some user experiences on this, randomly ranted...
I would count myself in that class. I've run a crypto
project or three, but right now I am sorely tempted
to let a current cert I have just expire. When I tried
to figure out how to renew it, the process quickly
bogged down in page after page of instructions.
This is particularly hard on my brain, because I know
it is placebo security; it's as Duane says, I'm buying
popup-avoidance, and if I can't click a button to make
it happen, I really don't want to waste hours of my
time on it. What I really want is for someone like
Duane to mail me my cert, telling me what place
to put it in, and attach an invoice to it. Even though
I am *capable* of understanding what it takes to run
the CA gauntlet, I do not have the time to play such
games.
(I know 2 or 3 groups that have run their own CAs,
including as businesses. Friends of mine, that I
had to watch invest substantial monies into. It's
not easy, and the fact that you got it up and going
is a tribute to your persistence!)
Which all changes when the site becomes big and
successful, and millions of dollars pour through on
an hourly basis; then I'm happy to go the expensive
route. But right now, that isn't going to happen.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto