- From: Thomas Roessler <tlr@w3.org>
- Date: Sat, 7 Jul 2007 17:21:24 +0200
- To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Cc: michael.mccormick@wellsfargo.com, public-wsc-wg@w3.org
On 2007-07-07 16:08:54 +0100, Stephen Farrell wrote: > Essentially, when the user somehow accepts the SSC, they're doing > the equivalent of adding a new trust anchor to their local store, > even if the SSC is only going to be trusted for that DNS name. > (Cue advertisment for the upcoming TAM BoF at the Chicago IETF - > I'd still like input from WSC there - maybe Thomas wants a quick > slot on the TAM agenda? :-) As I said, as long as you don't conflict with the HTTP BOF, the apps area meeting, or the security area meeting, I'm happy to come. Tell me a bit more about the scope again? > So in future there may be a TAM protocol that could be run to > handle the SSC. When that's available, then it'd be reasonable to > have a proposal to only show the error message for the SSC (same > as if the PKI-rooted server cert was expired), but to allow the > user to get into runnng the TAM protocol in some controlled way. I'm confused. The one thing that can be done automatically is recognize that you hit the same self-signed certificate *again*, and infer that that's probably a good sign. Anything else ultimately requires an *external* trust anchor, most likely either the user's brain or an oracle somewhere. If it's the user's brain, then we're no different from the current situation. (I wonder if I need to write up my Linksys router's TLS behavior as a use case... TLS there indeed gives me a defense against passive attacks [which is valuable], but in order to get that, there are two errors that need to be overridden..) Cheers, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Saturday, 7 July 2007 15:21:30 UTC