>Well, all the arguments have been heard on this already, and positions are 
>fairly entrenched.  It seems futile to have the debate over and over, and I 
>for one would like to point out that it is uncomfortable to treat it like a 
>political campaign.
>
>Perhaps a vote?

Not for me, but perhaps a design competition.

>It seems that Eddy and Nelson are in the anti-self-signed-certs camp, and I 
>would join Kyle in the pro-self-signed-certs camp.
>
>Do others have strong-enough feelings?

I would like to see self-signed certs allowed, but not in the way that they 
have been in the past, and not with the UI they are now. My design would be:

a) Firefox keep track of every TLS site you have ever visited. If they ever 
have used an externally trusted cert, they can never use a self-signed cert. 
"Never" here means that there is no way in the UI to get to the site over HTTPS 
after a backwards transition: you get a long error message, but not a choice.

b) Mozilla keeps track of every TLS site known to have used an externally 
trusted cert. It does this by its own probes, possibly with help from its 
friends like Google or the CAs. This information is optionally used in the 
calculation from (a), with the default being to use it.

c) When you first get to a site that is self-signed that does not trigger a 
failure above, you get an informational (not scary) explanation of what is 
going on; this message has the SHA-256 fingerprint of the public key. You are 
told that you can go there just this once, or you can have Firefox remember 
this self-signed cert. If the site had a previously-memorized self-signed cert 
that is different than the one now, you get a different warning explaining the 
situation that asks if you are sure that the site has changed its self-signed 
cert; this message is half-ominous, but clickable through.

This system works without (b), but works much more safely with it.

Using such a system, all other cert errors can now have more useful warnings 
that will not be confused with those for sites that self-sign.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
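The three-part design above (per-site memory of externally trusted certs with a hard block on downgrade, an optional externally supplied list of known CA-using hosts, and a remembered self-signed key with an informational first-visit prompt and a click-through warning on key change) can be written down as a small policy state machine. The code below is an added illustration written for this post, not code from the post's author or from Firefox; the names `TrustStore`, `SiteRecord`, `Decision` and `spki_fingerprint` are invented for the example, and the "keys" are constructed byte strings standing in for DER-encoded SubjectPublicKeyInfo blobs.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Set


class Decision(Enum):
    """What the UI should do for one connection attempt."""
    CA_TRUSTED = "externally trusted chain: connect silently"
    HARD_BLOCK = "self-signed after an externally trusted cert: error page, no override"
    FIRST_SEEN = "self-signed, host never seen: informational prompt (once / remember)"
    PINNED_OK = "self-signed, key matches the remembered one"
    KEY_CHANGED = "self-signed, key differs from the remembered one: warning, click-through"


def spki_fingerprint(spki_der: bytes) -> str:
    """SHA-256 over the DER SubjectPublicKeyInfo, shown as colon-separated hex
    (this is the fingerprint the first-visit message would display)."""
    digest = hashlib.sha256(spki_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


@dataclass
class SiteRecord:
    ever_ca_trusted: bool = False             # part (a): seen with a trusted chain
    pinned_fingerprint: Optional[str] = None  # part (c): remembered self-signed key


@dataclass
class TrustStore:
    # part (b): hosts known (from probes / partners) to have used CA-issued certs
    known_ca_hosts: Set[str] = field(default_factory=set)
    use_known_ca_hosts: bool = True           # default is to use the (b) list
    sites: Dict[str, SiteRecord] = field(default_factory=dict)

    def _record(self, host: str) -> SiteRecord:
        return self.sites.setdefault(host, SiteRecord())

    def evaluate(self, host: str, chain_trusted: bool, spki_der: bytes) -> Decision:
        """Classify a connection. Only the trusted-chain path mutates state;
        remembering a self-signed key is a separate, user-driven step."""
        rec = self._record(host)
        if chain_trusted:
            rec.ever_ca_trusted = True        # (a): from now on, self-signed is never allowed
            return Decision.CA_TRUSTED
        if rec.ever_ca_trusted or (self.use_known_ca_hosts and host in self.known_ca_hosts):
            return Decision.HARD_BLOCK        # backwards transition: error, no choice offered
        fp = spki_fingerprint(spki_der)
        if rec.pinned_fingerprint is None:
            return Decision.FIRST_SEEN        # (c): informational prompt shows fp
        if fp == rec.pinned_fingerprint:
            return Decision.PINNED_OK
        return Decision.KEY_CHANGED           # (c): half-ominous warning, still clickable

    def remember(self, host: str, spki_der: bytes) -> None:
        """User chose 'remember this self-signed cert' (first visit or after a change)."""
        self._record(host).pinned_fingerprint = spki_fingerprint(spki_der)


# Constructed stand-ins for DER SPKI bytes; not real keys.
KEY_A = b"constructed-spki-der-key-A"
KEY_B = b"constructed-spki-der-key-B"


def walkthrough() -> list:
    """Run the scenarios from the post and return the decisions in order."""
    store = TrustStore(known_ca_hosts={"mail.test"})
    out = []
    out.append(store.evaluate("wiki.test", False, KEY_A))   # FIRST_SEEN
    store.remember("wiki.test", KEY_A)
    out.append(store.evaluate("wiki.test", False, KEY_A))   # PINNED_OK
    out.append(store.evaluate("wiki.test", False, KEY_B))   # KEY_CHANGED
    out.append(store.evaluate("bank.test", True, KEY_A))    # CA_TRUSTED
    out.append(store.evaluate("bank.test", False, KEY_A))   # HARD_BLOCK (downgrade)
    out.append(store.evaluate("mail.test", False, KEY_A))   # HARD_BLOCK via (b) list
    out.append(TrustStore().evaluate("mail.test", False, KEY_A))  # (b) disabled/empty: FIRST_SEEN
    return out


if __name__ == "__main__":
    for d in walkthrough():
        print(d.name, "->", d.value)
```

The key design point the code makes explicit is that `evaluate` never records a self-signed key on its own: the store only learns a pin when the user explicitly chooses to remember it, while a trusted chain is recorded automatically and irreversibly. Pinning the SPKI hash rather than the whole certificate lets a site renew a self-signed certificate on the same key without triggering the change warning.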