
Re: ACTION-240 :TLS errors...

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Mon, 09 Jul 2007 17:57:30 +0100
Message-ID: <469268FA.9030709@cs.tcd.ie>
To: michael.mccormick@wellsfargo.com
Cc: wdoyle@mitre.org, tlr@w3.org, public-wsc-wg@w3.org



michael.mccormick@wellsfargo.com wrote:
> Hi Bill,
> 
> 1. A current fundamental problem IMO is web agents display security
> errors without providing the user with any means to interpret them from
> a risk perspective.  Most users don't want to know technical details of
> a TLS error; they want to know what the risk implication is.  So I
> certainly hope it's within WSC scope to make a recommendation in this
> area.
> 
> 2. A self-signed cert that causes an error message by definition was not
> issued by a trusted authority.  Should users trust web sites to act on
> their own behalf as certificate authorities?  It's an interesting
> question.  One has to keep in mind that a malicious https web site is
> probably going to use a SSC.  Whereas the only reason a benign web site
> should use a SSC is economic; to avoid the cost of paying money to
> VeriSign et al.  Maybe the world needs a free but trustworthy CA, but
> that problem is outside WSC scope.  I think we can say the presence of a
> SSC indicates somewhat higher risk than a TLS cert issued by a reputable
> trusted CA.

While I sympathise, I'm not sure I agree.

How many times are phishes directed to hacked servers? Surely many
of those have good server certs?

So, I don't agree that an SSC means "more risky" in general.

However, for someone claiming to be a bank or commerce site then
correct. For a "community" site, I don't think the SSC determines
risk at all well.

S.
Received on Monday, 9 July 2007 16:55:40 GMT