On 25/3/09 01:06, Eddy Nigg wrote:
> On 03/25/2009 12:35 AM, Kyle Hamilton:
> I don't understand how this is connected to the initial idea of finding
> some better ways to use client certificates for mail (was actually
> client certificate authentication IIRC). I think I lost you here...

The original idea was how to improve Thunderbird's existing abilities to
work with crypto and deliver security. If you read my proposal
carefully you will see I very carefully separated the crypto/secure
email part from the certificates part.
Which is to say, the original proposal was to improve email security.
It was not to improve the use of client certificates. The latter is
both foolish as an objective, and is also a limiting drain on security
for email for users, especially for Thunderbird's typical users, if
taken as the only objective.
Having said that, because certificate providers and sellers of
certificate software *dominate this forum and Mozilla security thought*
the proposal was written to improve both security for the typical
end-users of Mozilla, and the use of certificates. Note these are two
different things, so it has to dance a careful path. In very brief summary:
1. accounts make key pairs and share public keys for encrypting of email.
(Implementation detail: probably as self-signed certs because that's
what the code does.)
2. Once a substantial body of email is protected by the easy method of
1. above, it makes sense to offer the upgrade path for users to allow
them to convert their public keys (SSCs) into CA-signed certificates.
This will appeal to corps & govts but not to individual users. Corps
and govts will pay for this. Individuals will not.
However, here's the link: Individuals will do part 1. Corps and govts
will follow Individuals. Corps and govts won't do part 2 without part 1.
It's called marketing strategy :)

> I have no problem with any of them as long as their usage and trust
> remains limited within their domain and internal activities.

This happens to be the case with all CAs (more or less, ref: RPA and the
concept of the relying party) and with all communities.

>> This is why I wanted to be able to change the chrome to say "hey,
>> Mozilla hasn't vetted this CA, we recommend you don't put in your
>> credit card number or any private details".
>
> No, I don't want that. But that's for web sites anyway, not connected to
> mail I think...

Right! Email is p2p already, naturally. Web is more or less
client-to-server, and there is a case for 3rd party authentication.

> ...as such, Mozilla goes a step further and tells you correctly "hey, we
> can't know if you are connecting to the site you intend to connect to
> and we recommend not to connect to the site...it might be somebody
> different really".

It doesn't need to say that. Emails are already that way. If it were
to say it, then it would be complicating its own liability position.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto