Gervase Markham wrote:
Ian G wrote:

The market works all this out.  There will be some
settling.  In each country there will be like 1-3
big national brands.  Then there will be the globals,
the "Intels" of certification, which we can assume
would include VeriSign.  Then, in each sector there
will be specialists;  so there might be 1-3 big adult
CAs, then there will be 1-3 gambling CAs, then 1-3
banking CAs...


And what do we tell a user to do when he sees a CA logo he doesn't recognise?


What do you tell a user when he sees a restaurant
rating he doesn't recognise?

The point is not what you tell him in terms of making
a choice;  the whole point of the exercise is that
the user remembers that it was rated by Michelin last
week, and now it's not.  What's going on?  Take more
care.

Or, Amazon now has a DodgyCA cert.  What's going on?

(The answer to your question is:  take more care!)


The average user will need to know about 8, right,
but there will be many more out there, she just
won't enter into their worlds that much, much as
a Honda buyer never needs to know that both Mack
and Volvo make trucks.


This analogy doesn't work. The equivalent analogy would be driving to a store which required you to drive your merchandise home in a car of their choice, which had a greater or lesser likelihood of malfunctioning and crashing on the way home. You'd certainly need to know about Honda, Mack and Volvo trucks then! Or, to make life much easier for yourself, you'd need a "Which?" report in your hand which said "Honda and Mack trucks are pretty safe. Avoid Volvo".


Well, the thing about analogies is that they are
never perfect.  That's why they are called analogies;
there is always some way to show they don't work.

Their purpose is to explain by comparison, by
metaphor, not to provide a puzzle to be broken.

As far as whether the user is faced with a choice
and decides to buy or not based on the cert, I
don't see a problem with that.  I'm mystified why
anyone would...

She goes to Amazon and sees, say, VeriSign.  She says
well, that's no good, so she goes to Barnes & Noble
and sees VeriSign *again*.  Well, this is boring,
so she asks someone, and he says, "yeah, VeriSign
is fine."  So she buys a book.  A bit later on she
goes to her bank and sees GeoTrust.  Well, that's
no good she says, so she asks the same person and
he says, "GeoTrust is fine."  So now she knows
two.  ... and on and on.

There is no big problem here.  It's a very normal
thing for human beings to do.


Perhaps. The level of brand awareness required for this feedback mechanism to work is that a person must visit https://www.gap.com, realise it's secured by Foo CA, know that Foo CA has issued the odd dodgy cert, and then go and shop at https://www.sears.com instead. I'm sceptical that CA brands will ever achieve that level of brand awareness that overrides the often million-dollar-backed brand awareness of companies.


They will!  If only given the chance.  Or they will
go out of business leaving fewer brands for the
consumers to deal with.  The market will solve this
problem nicely.


Again, the analogy doesn't hold, because consumers cannot choose to "not use" a particular CA they don't know - the CA is chosen by the shop, not the consumer.

This objection is based on a false premise that we need to "give them a choice of CA." Or hide it. No such choice pertains; the information is not there to allow them to "choose CAs", it is there to complete the security model.

It's like saying, we have to hide the fact that
Deutsche Bank is regulated by the Bundesbank, because
if the user knew, they'd have to choose to "bank or
not bank" based on this information.

iang
--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security
