Justin makes some valid points. Risk-management in the future is going to increasingly be about transparency and disclosure. As long as Firefox and Thunderbird provide information about the strengths of different keys in the SSL/TLS negotiation, Mozilla will be advancing the cause of better risk-management through more information. Informed users are. after all, the best defense against any form of attack.
I would recommend a button under the "Technical Details" section of the Page-Info dialog that leads to the kind of detail Justin is referring to. Ideally, it would also be useful to have this detail output as an XML file to the file-system, so that audit tools in the future can automatically pick it up, parse it and determine if the settings are in compliance with a defined security policy at a company. Arshad Noor StrongAuth, Inc. Justin wells wrote:
Hi Ian, Thanks for your reply! It's very enlightening, and I do agree that in the real world there are a lot of issues other than the cryptographic issues. Just to be sure, I am not suggesting that the weakest link should be as strong as the strongest link. I am just trying to understand how weak the weakest link is. So far I haven't been able to find any documentation, or anyone, who can tell me what I actually get when I connect to a website. For all I know my browser is exchanging keys with a 256bit RSA key and then telling me that it's established a secure connection. As you say RSA >2k is secure enough for most purposes, per NIST a 2048bit key is good enough for data that needs protection only to 2031, after which 3072 bit keys are acceptable. All I'm trying to do is sort out whether I've got that level of protection or not, and it seems tough to figure out. For Firefox I'd like to make the recommendation that the text that reads "Connection Encryption: High-grade Encryption (AES 256bit)" and the like be altered to instead state the strength of the weakest link, which in almost all cases is presumably the key exchange. Even AES 256 weakened by the recent attack is still providing some 110 to 112 bits of security, which is most likely still better than whatever is being used for key agreement. If you are really going to assert that this is not the important factor then perhaps some caveats should be added to the "it is unlikely anyone read this page" message that Firefox prints just after giving the content encryption strength.
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
