Vilius et al,

Wednesday, April 6, 2011, 1:05:46 PM, you wrote:
> Hello,

> Wednesday, April 6, 2011, 8:56:31 PM, you wrote:

>> This is what the confirmation dialog does. It says "I have this
>> certificate that I don't trust, do you trust it?" and also gives the
>> details for the certificate. This means that the user has the control
>> to decide whether or not to trust the source. This moves the
>> responsibility for authorising a given certificate from a known flawed
>> implicit mechanism to a user authorization.

> Yeah, but how does the user know if this is really the certificate he
> thinks it is? He must call the other end, for example by phone, and ask
> for the certificate fingerprint, check it on the certificate he is
> accepting, etc. In my opinion this is still
> a certification of the other end, just without automatic technical means.

<snip>

There are a couple of points here.

1.- The words are very important. The text says "I have this certificate", it does not say "I have this address/site/interlocutor". It is asking for authorization for the certificate. This is a different issue to certifying origin.

2.- When a program checks the validity of a certificate the implicit acceptance rules it uses say something like "Hi, you are a certificate that I got from host a.b.c. You say that you were issued to a.b.c and you are countersigned by someone I trust. Therefore I will trust you as a certificate and will also trust that I am talking to a.b.c."

Due to the current flaws in the certificate system we cannot guarantee that this is better than the manual authorization of the certificate. Actually the manual authorization you describe is about 100 times better than the implicit rules, as you do not trust intermediaries; you use a secondary offline communications channel to validate the certificate. You can't get better than that.
-- 
Debian GNU User
Simon Martin
Project Manager
Milliways
mailto: smar...@milliways.cl

Si Hoc Legere Scis Nimium Eruditionis Habes

________________________________________________________
Current beta is 5.0.6.1 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
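
The manual authorization discussed in this message, sketched as an added example that is not part of the original e-mail or of The Bat!: a certificate is pinned only when its fingerprint matches the value obtained over the second channel, and trust attaches to the certificate rather than to a host name. The SHA-256 choice, the names `PinStore`, `fingerprint` and `normalize`, and the sample PEM (constructed placeholder bytes, not a real certificate) are assumptions.

```python
import hashlib
import hmac
import ssl

# Constructed placeholder: the base64 body is NOT a real certificate, only
# bytes standing in for the DER encoding so the example runs offline.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXIgREVSIGJ5dGVz
-----END CERTIFICATE-----
"""

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes: the value each side reads out."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()

def normalize(spoken: str) -> str:
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex as dictated by phone."""
    cleaned = "".join(c for c in spoken if c not in ": -\t\n").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        # A truncated fingerprint is refused rather than prefix-matched.
        raise ValueError("need a full 64-hex-digit SHA-256 fingerprint")
    return cleaned

class PinStore:
    """Fingerprints the user authorized, keyed by certificate, not by host."""

    def __init__(self):
        self._pins = set()

    def authorize(self, pem: str, spoken_fingerprint: str) -> bool:
        """Pin the certificate only if it matches the out-of-band value."""
        actual = fingerprint(pem)
        if hmac.compare_digest(actual, normalize(spoken_fingerprint)):
            self._pins.add(actual)
            return True
        return False

    def is_trusted(self, pem: str) -> bool:
        """True only for a certificate the user has explicitly authorized."""
        return fingerprint(pem) in self._pins
```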