Hi Vilius et al,

<big snip>
>> There are 2 main uses for PKE.

>> 1.- Certify endpoints. For this there must be an unbroken certificate
>> chain from a trusted CA down through 0 or more intermediate
>> certificates to the end certificate that is being used. For this
>> purpose Vilius is right, self-signed certificates are no use.

>> 2.- Secure communications channel. The communication is opaque to all
>> but the 2 endpoints that are communicating. When you perform
>> IMAP/POP3/SMTP authentication you are sending your login details, you
>> definitely don't what people to read that, and you might not want them
>> to read the mail contents either. For this purpose self-signed
>> certificates are perfectly OK.

<snip>
>> I want The Bat! to store the self-signed certificate so that I can
>> simplify purpose 2 above.

> Completely   true.  With small addition, that point 2 only makes sense
> when  you  can  certify  endpoints  also.  E.i.  to  allow self-signed
> communication  in  secure  manner  you  MUST  get certificate from the
> person  you  trust,  on  USB  key,  or that such certificate should be
> pushed  securely  through  Windows  Group Policy for example. Trusting
> (e.g.   accepting)   self-signed   CA   through internet is risky. You
> could  actually  be accepting certificate of transparent proxy without
> knowing  it,  you  have  to  check figerprint, etc, etc. This is why I
> think  current  method  is  really  enough. If it doesn't work as some
> users said, then of course BT ticket should be created for that.

You are still mixing purpose 1 and 2. The channel securing is
independent of who generated the key. End of story. Self-signed,
Verisign-signed doesn't change anything.

What most current applications do (whether you agree or not) when they
find a certificate that they cannot trust implicitly is ask for
an explicit authorization, which given the comments about CA
vulnerability might actually be safer than the existing implicit
rules.

This is what the confirmation dialog does. It says "I have this
certificate that I don't trust, do you trust it?" and also gives the
details for the certificate. This means that the user has the control
to decide whether or not to trust the source. This moves the
responsibility for authorising a given certificate from a known flawed
implicit mechanism to a user authorization.

Which is safer depends on many factors, where you live, how much you
know, etc. As I said before, this is a philosophical discussion more
than a technical issue.

Also take into account that The Bat! does not live in a vacuum and so
should look at what other products are doing. In the HTML discussion I
personally think that The Bat! has it right, however in this case I
think it has it wrong.

Regards.

-- 
   __ _ Debian GNU User Simon Martin
  / /(_)_ __ _ ___ __  __  Project Manager 
 / / | | '_ \| | | \ \/ /  Milliways 
/ /__| | | | | |_| |>  <   mailto: smar...@milliways.cl 
\____/_|_| |_|\__,_/_/\_\ 
Si Hoc Legere Scis Nimium Eruditionis Habes 


________________________________________________________
 Current beta is 5.0.6.1 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Reply via email to