W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: ACTION-240 :TLS errors...

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Sat, 07 Jul 2007 17:11:48 +0100
Message-ID: <468FBB44.8060801@cs.tcd.ie>
To: public-wsc-wg@w3.org



Thomas Roessler wrote:
> On 2007-07-07 16:08:54 +0100, Stephen Farrell wrote:
> 
>> Essentially, when the user somehow accepts the SSC, they're doing
>> the equivalent of adding a new trust anchor to their local store,
>> even if the SSC is only going to be trusted for that DNS name.
>> (Cue advertisment for the upcoming TAM BoF at the Chicago IETF -
>> I'd still like input from WSC there - maybe Thomas wants a quick
>> slot on the TAM agenda? :-)
> 
> As I said, as long as you don't conflict with the HTTP BOF, the apps
> area meeting, or the security area meeting, I'm happy to come.  

Good. Currently scheduled for Friday but still a small chance
of a move.

> Tell
> me a bit more about the scope again?

There's a problem statement [1] (note that a -01 has been posted, but
has yet to show up) and we also have Paul Hoffman who's going to speak
to device and non-enterprise uses. I'd welcome either WSC or TLR (or
anyone else's) input whether that's from the floor or in front of ppt.
In particular, I'd welcome an FI perspective.

>> So in future there may be a TAM protocol that could be run to
>> handle the SSC. When that's available, then it'd be reasonable to
>> have a proposal to only show the error message for the SSC (same
>> as if the PKI-rooted server cert was expired), but to allow the
>> user to get into runnng the TAM protocol in some controlled way.
> 
> I'm confused.  The one thing that can be done automatically is
> recognize that you hit the same self-signed certificate *again*, and
> infer that that's probably a good sign.  

My mail only addressed the 1st time case.

 > Anything else ultimately
> requires an *external* trust anchor, most likely either the user's
> brain or an oracle somewhere.  If it's the user's brain, then we're
> no different from the current situation.

Now I'm confused, but that's normal:-) But I bet we think the
same thing really, so I'm ok with that for now.

> (I wonder if I need to write up my Linksys router's TLS behavior as
> a use case...  TLS there indeed gives me a defense against passive
> attacks [which is valuable], but in order to get that, there are two
> errors that need to be overridden..)

Yes, that'd be interesting.

S.

[1] 
http://www.ietf.org/internet-drafts/draft-wallace-ta-mgmt-problem-statement-00.txt
Received on Saturday, 7 July 2007 16:10:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:48 GMT