Ian G wrote, On 2008-10-20 13:28:

> Yes. E.g., did you know that the point of a good lock on a door is
> *not* to stop a burglar getting in, but to stop him getting out?
> That's why it is called a deadbolt. The burglar can always get in,
> the game is to stop him getting out the front door, carrying your stuff.

I think you are using the term "deadbolt" to describe locks that require a key on both the inside and the outside to lock or unlock them. I think that is not the definition of "deadbolt" commonly used in the USA. I wonder if that is a regional thing, US English vs UK, or something.

In the USA, a deadbolt lock is any lock whose "bolt" must be explicitly locked each time the door is closed, or else it remains unlocked. While such locks are common, typically they have a simple handle on the "inside", and require a key only on the outside. I suppose that makes them not "good" locks by your definition, and I agree that the typical US deadbolt lock does not hinder egress, but only hinders ingress.

> (e.g., we do agree that we'd like to write something that says "for
> high value commerce, use XXXX" ... except we don't know what XXXX is.)

I keep wondering about that.

Lots of people seem to agree that they want some kind of half-vast SSL, providing some encryption, but no assurance that the party to whom they're connected is who they intended it to be. No protection against MITM, just a warm fuzzy feeling that "well, at least we're using encryption". I think the term "security theater" applies.

How do we give them that in a way that clearly distinguishes between that and real authenticated connections? I think there are (at least) two parts to the puzzle:

a) some way to convey to the browser that the EXPECTED amount of security is low, so the browser won't try to impose all the usual high security requirements on the connection (e.g. not impose strong authentication requirements) and hence won't show any warnings. I'm thinking we need an alternative to https for this. httpst:// (security theater) maybe? or httpwf:// (warm fuzzy) or mitm://

b) some unmistakeable blatantly obvious way to show the user that this site is not using security that's good enough for banking but, well, is pretty good security theater. Flashing pink chrome? Empty wallet icon?
The whistling sounds associated with falling things?
http://www.sounds.beachware.com/2illionzayp3may/dhy/BOMBFALL.mp3

With such an alternative to regular https, we could raise the bar on https certs (stop allowing overrides) while still offering an alternative for those who want it.