Frank Hecker wrote:
Eddy Nigg wrote:
Getting a certificate happens at some CAs already during the
registration process (cough, cough).
This is an interesting point, which I think supports at least some of
Ian's arguments. What you've done is to provide a real incentive for
users to get client certificates, certificates that can then be
repurposed for S/MIME email or other uses.
IMO, in general there is little or no a priori reason for a typical
(non-corporate) user to get a client certificate for S/MIME use. Even
though it may take only a small effort to get the cert, getting a
client cert is not necessarily justifiable given the uncertain benefits
of having one, especially if none of your friends and other
correspondents have one. (It's the network effect in reverse.)
But in this case users are willing to go through the minor hassle of
getting a client cert because they're motivated to get those super-duper
free SSL certificates, and they need the client cert to access the
administrative interface. It's a clever way of getting around the problem.
Albeit, only to those interested in SSL certs. Conceivably this would
be made a lot more fluid if Apache were to release TLS/SNI, and to a
lesser extent, Microsoft's IIE.
Considering the amount of public client certs stored in my TB, it
seems that many of the somewhat more technically orientated audience are
A) able to use it, B) actually using it. And not all of them are geeks
either.
With all due respect, this is merely anecdotal evidence. IMO the only
two metrics of interest for S/MIME email are a) the fraction of email
users who have personal certs usable for S/MIME; and b) the fraction of
all email messages that are sent using S/MIME. I don't happen to know of
any authoritative studies on this.
+1 for any authoritative studies. It would be nice if Thunderbird could
do this, but the "ET phone home" part would probably scare people.
S/MIME is an easy to use solution to encrypt mail, sufficiently
secure, provides reasonable protection and easy to obtain (free client
certificates are all over - Verisign, Thawte, StartCom, Comodo and
perhaps more).
To be clear, I don't think that S/MIME email is irreparable.
I have written frequently about this on my blog. I don't think it is
irreparable, but I think the development team needs to decide whether
they are supporting users or others. If users, then they will get more
security by generating the key pairs on account creation, fixing the key
distro issue, and helping users to upgrade to better certs later on.
IMO. Users want a bit of security talking to people they know, talking
to others they don't know can come later, as can dealing with third parties.
I think it
could benefit from an improved UI in products like Thunderbird and more
attention to making the initial "bootstrapping" process more automatic
and invisible. (For example, when a user gets a certificate, have
Thunderbird automatically offer to send a signed message with the cert
to all people to whom you've sent mail, or all people in your
addressbook, or whatever.)
Yes, agreed, basically solve the key distro problem.
And as noted above, I think a fundamental
problem is providing more incentives for users to get client certs,
particularly outside the context of S/MIME proper. (For example, have
some interesting web service that uses client certs for authentication.)
Over at CAcert they conducted a similar experiment by insisting that the
test for assurers (CATS) be conducted using client certs. It worked
out, or at least this didn't cause the project to fail, and there
weren't any complaints to my knowledge that this held up the process.
However, this is an interested and dedicated audience; it doesn't
necessarily apply to a real user audience, it is mostly the techie
community who are challenged by the thought that they know certs.
(Client side certs are a lot more ready for mass-deployment than S/MIME
ones, but still have their foibles. One thing I discovered was that if
you have multiple certs, the KCM is not so well developed in Firefox.
It works if set to "choose-by-self," in which case we don't know which
cert is in use. Or, if set to "ask-me", it asks me practically every
click which to choose, and sometimes twice or thrice per click. If I
had more time I'd chase the bugzilla.)
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto