Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Matt McCutchen
On May 21, 1:46 am, Kurt Seifried k...@seifried.org wrote: m...@mattmccutchen.net wrote: I'm not claiming that the user knows.  I only said that if there is in fact no impersonation, then the error is a false positive. [...] For you to claim that the browser should be able to determine the

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Eddy Nigg
On 05/21/2010 06:12 AM, From Kyle Hamilton: The way that commercial certifying authorities have gone about things thus far is completely antithetical to how business is transacted on the commercial internet. (hint: banks require *two* forms of ID in order to open a bank account, and CAs provide

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Eddy Nigg
On 05/21/2010 07:36 AM, From Matt McCutchen: That's not right. We are discussing SSL as a /means/ to prevent impersonation of the site the user wanted to visit. In this context, a false positive is defined as an SSL error when no impersonation is taking place. Oh really? And how do

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Eddy Nigg
On 05/21/2010 08:46 AM, From Kurt Seifried: For you to claim that the browser should be able to determine the intent of a self signed and unknown certificate (i.e. is it legitimate, or a man in the middle) without any external help represents a failing is to show a pretty fundamental lack of

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Gervase Markham
On 21/05/10 12:11, Eddy Nigg wrote: And your whole arguing starts to become ridiculous. Not at all. He is saying that the browser cannot tell whether a certificate problem is the result of an attack or the result of a misconfiguration. And that's absolutely correct. Isn't it? Otherwise

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Gervase Markham
On 21/05/10 05:36, Matt McCutchen wrote: I'm not claiming that the user knows. I only said that if there is in fact no impersonation, then the error is a false positive. This seems a fine definition to me. If the browser says OMG - someone might be trying to MITM you, and no-one is, that's

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Marsh Ray
On 5/21/2010 9:51 AM, Gervase Markham wrote: Otherwise we'd just not put up errors for the misconfigurations, only for the attacks :-) Is there an open bug for support of RFC 3514? http://tools.ietf.org/html/rfc3514 - Marsh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Robert Relyea
intent of a self signed and unknown certificate (i.e. is it legitimate, or a man in the middle) without any external help represents a failing is to show a pretty fundamental lack of understanding as to how this all works. Once again, I make no such claim. I said that if there is in

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Robert Relyea
On 05/21/2010 07:52 AM, Gervase Markham wrote: On 21/05/10 05:36, Matt McCutchen wrote: I'm not claiming that the user knows. I only said that if there is in fact no impersonation, then the error is a false positive. This seems a fine definition to me. If the browser says OMG - someone

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-21 Thread Kyle Hamilton
2010/5/21 Robert Relyea rrel...@redhat.com: On 05/21/2010 07:52 AM, Gervase Markham wrote: On 21/05/10 05:36, Matt McCutchen wrote: I'm not claiming that the user knows.  I only said that if there is in fact no impersonation, then the error is a false positive. This seems a fine definition

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Gervase Markham
On 18/05/10 15:54, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. If users did not have faulty judgement, and always made correct security decisions, then there would be no

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Eddy Nigg
On 05/19/2010 07:44 PM, From Marsh Ray: Perhaps one identifiable improvement here is that this ability to get acceptable certs easily could be made more widely known? Yes, perhaps...but it might be difficult for Mozilla to do so too openly...not sure. -- Regards Signer: Eddy Nigg,

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread johnjbarton
On 5/20/2010 4:28 AM, Gervase Markham wrote: On 18/05/10 15:54, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. If users did not have faulty judgement, and always made correct

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Matt McCutchen
On Mon, 2010-05-17 at 13:25 -0500, Marsh Ray wrote: Imagine how fast sites would fix their certs if the scary page proposed keyword alternative sites that did not have cert issues. You can't assume that it's the site's fault. A competitor could be MITM-ing the connection and showing a bad

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Matt McCutchen
On May 19, 11:28 am, Eddy Nigg eddy_n...@startcom.org wrote: Well, just for the record, let's get this straight - there are no false positives. I have NEVER encountered an error with a web site and there was no reason for it. Either the certificate was not trusted or the domain did not match or

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Eddy Nigg
On 05/21/2010 03:23 AM, From Matt McCutchen: On May 19, 11:28 am, Eddy Niggeddy_n...@startcom.org wrote: Well, just for the record, let's get this straight - there are no false positives. I have NEVER encountered an error with a web site and there was no reason for it. Either the certificate

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Kyle Hamilton
The way that commercial certifying authorities have gone about things thus far is completely antithetical to how business is transacted on the commercial internet. (hint: banks require *two* forms of ID in order to open a bank account, and CAs provide only *one*. How would you solve this

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Matt McCutchen
On Fri, 2010-05-21 at 04:02 +0300, Eddy Nigg wrote: On 05/21/2010 03:23 AM, From Matt McCutchen: On May 19, 11:28 am, Eddy Niggeddy_n...@startcom.org wrote: Well, just for the record, let's get this straight - there are no false positives. I have NEVER encountered an error with a web site

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-20 Thread Kurt Seifried
When I hit reply the mozilla groups bounces my email, so replying off list. m...@mattmccutchen.net wrote: I'm not claiming that the user knows. I only said that if there is in fact no impersonation, then the error is a false positive. If you're going to redefine what a false positive is then

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-19 Thread Jean-Marc Desperrier
Eddy Nigg wrote: Isn't this actually a sign that the technology works? I mean, 100% false positives means literally 100% success. Shit no! The higher the false positive rate, the more acute the failure. People will trust and respect the warning *only* if there's a very low rate of false

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-19 Thread Jean-Marc Desperrier
Marsh Ray wrote: What do you propose other than not letting the user bypass the cert error page at all? Investing some serious time enhancing those errors. Or investing some serious time evangelising the SSL site owners into using a real certificate. But the status quo doesn't work.

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-19 Thread Eddy Nigg
On 05/19/2010 01:30 PM, From Jean-Marc Desperrier: Eddy Nigg wrote: Isn't this actually a sign that the technology works? I mean, 100% false positives means literally 100% success. Shit no! The higher the false positive rate, the more acute the failure. Well, just for the record, let's get

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-19 Thread Eddy Nigg
On 05/19/2010 05:37 PM, From Jean-Marc Desperrier: Or investing some serious time evangelising the SSL site owners into using a real certificate. But the status quo doesn't work. Amen! And you know what - today there is NO reason whatsoever not to get real certs, they are available from

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-19 Thread Marsh Ray
On 5/19/2010 10:32 AM, Eddy Nigg wrote: On 05/19/2010 05:37 PM, From Jean-Marc Desperrier: Or investing some serious time evangelising the SSL site owners into using a real certificate. But the status quo doesn't work. Amen! And you know what - today there is NO reason whatsoever not to

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Gervase Markham
On 18/05/10 05:20, johnjbarton wrote: Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user's judgement as little as possible. As Edward Felten says, given the choice between

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Gervase Markham
On 17/05/10 23:16, Robert Relyea wrote: A more telling quote is: For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Although he now admits that

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 02:48 PM, From Gervase Markham: On 17/05/10 23:16, Robert Relyea wrote: A more telling quote is: For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 4:44 AM, Gervase Markham wrote: On 18/05/10 05:20, johnjbarton wrote: Many of our potential users are inexperienced computer users, who do not understand the risks involved in using interactive Web content. This means we must rely on the user's judgement as little as possible. As

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Marsh Ray
On 5/18/2010 9:54 AM, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. The judgment starts when the user chooses the app. In effect the designer is saying The user, by selecting my

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 9:08 AM, Marsh Ray wrote: On 5/18/2010 9:54 AM, johnjbarton wrote: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. The judgment starts when the user chooses the app. In effect the

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 05:54 PM, From johnjbarton: I mean that starting a design from the point of view that the users have faulty judgment will almost certainly lead to software that fails. That might be correct, however your assumption that this was the point of view at the beginning is entirely

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 09:44 PM, From johnjbarton: The designer here is asserting a false, one-dimensional design space and insisting that users make a choice along this false dimension. Actually the user doesn't have to make a choice I think. It's either working or it doesn't. All the rest is a

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Marsh Ray
On 5/18/2010 1:44 PM, johnjbarton wrote: The designer here is asserting a false, one-dimensional design space and insisting that users make a choice along this false dimension. Yep. But be a little sympathetic. We all have models of reality that are insufficiently dimensional. As long as

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 12:15 PM, Eddy Nigg wrote: On 05/18/2010 09:44 PM, From johnjbarton: The better model begins by abandoning the security-vs-convenience mindset. Security should be about the maximum actually and effective security experienced by users. Our reaction to users clicking through

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread Eddy Nigg
On 05/18/2010 10:37 PM, From johnjbarton: 1) A shift by the security experts on this newsgroup to view challenges to their approach as opportunities to improve security solutions, (concretely I object to being a labeled on the security-vs-convenience line), not sure if this isn't

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-18 Thread johnjbarton
On 5/18/2010 2:17 PM, Eddy Nigg wrote: On 05/18/2010 10:37 PM, From johnjbarton: 2) Openness and encouragement of better API and UI for mozilla security solutions (concretely your fabulous resources are effectively out of reach for JS developers, it's a real shame) ...but I'm certain that

The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread johnjbarton
Cormac Herley provides a detailed exploration of dangers of inappropriate security warnings: https://docs.google.com/viewer?url=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fum%2Fpeople%2Fcormac%2Fpapers%2F2009%2Fsolongandnothanks.pdfpli=1 or here is the short URL http://bit.ly/9flIbJ Check

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Nelson B Bolyard
On 2010-05-17 08:41 PDT, johnjbarton wrote: Cormac Herley provides a detailed exploration of dangers of inappropriate security warnings: https://docs.google.com/viewer?url=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fum%2Fpeople%2Fcormac%2Fpapers%2F2009%2Fsolongandnothanks.pdfpli=1 Why

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Eddy Nigg
On 05/17/2010 08:31 PM, From johnjbarton: It's so true. If you really want to disable all security warnings, there is a Firefox extension that will do it. Just use it. Maybe you could even improve it to display dancing pigs! The quote above was taken out of context. The remaining

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Marsh Ray
On 5/17/2010 12:59 PM, Eddy Nigg wrote: On 05/17/2010 08:31 PM, From johnjbarton: It's so true. If you really want to disable all security warnings, there is a Firefox extension that will do it. Just use it. Maybe you could even improve it to display dancing pigs! The quote above was

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Nelson B Bolyard
On 2010-05-17 10:31 PDT, johnjbarton wrote: On 5/17/2010 10:23 AM, Nelson B Bolyard wrote: My favorite quote: Given a choice between dancing pigs and security, users will pick dancing pigs every time. It's so true. If you really want to disable all security warnings, there is a

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Robert Relyea
Check esp. section 7.6 So What Can We Do?. This paper is about a year old, and we discussed it here when it was new. My favorite quote: Given a choice between dancing pigs and security, users will pick dancing pigs every time. The quote above was taken out of context. The

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Eddy Nigg
On 05/17/2010 09:25 PM, From Marsh Ray: This is half in jest, but half serious too. There may be something here. Imagine how fast sites would fix their certs if the scary page proposed keyword alternative sites that did not have cert issues. Truly evil :-) -- Regards Signer: Eddy Nigg,

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread johnjbarton
On 5/17/2010 11:58 AM, Nelson B Bolyard wrote: On 2010-05-17 10:31 PDT, johnjbarton wrote: On 5/17/2010 10:23 AM, Nelson B Bolyard wrote: My favorite quote: Given a choice between dancing pigs and security, users will pick dancing pigs every time. It's so true. If you really want

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread Kurt Seifried
Wow, now that is over the top! How incredibly obnoxious. So the view of mozilla.org is that their users are incompetent fools. I wonder why you care about security for these 'idiots'? Not everyone on this list speaks on behalf of Mozilla.org (I certainly don't) and even within Mozilla.org I'm

Re: The Rational Rejection of Security Advice by Users by Cormac Herley

2010-05-17 Thread johnjbarton
On 5/17/2010 9:41 PM, Kurt Seifried wrote: The reason we have so many problems is this: Security is hard. Lots of things about computing are hard. The path to improvement is in looking for ways to make the systems easier to operate properly. A place to start is a little respect for