W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

RE: ACTION-240 :TLS errors...

From: <michael.mccormick@wellsfargo.com>
Date: Mon, 9 Jul 2007 14:32:51 -0500
Message-ID: <8A794A6D6932D146B2949441ECFC9D680420D919@msgswbmnmsp17.wellsfargo.com>
To: <stephen.farrell@cs.tcd.ie>, <egelman@cs.cmu.edu>
Cc: <wdoyle@mitre.org>, <tlr@w3.org>, <public-wsc-wg@w3.org>, <Pete.Palmer@wellsfargo.com>, <conflongspeak@wellsfargo.com>

A self-signed cert requires no vetting by a TTP so it is inherently at
least a little riskier.  Obviously the actually degree of vetting
depends on the CA and the class of cert, but some is better than none.
Also there's a liability dimension to consider.  If I'm defrauded by
someone who obtained a TLS cert improperly, the CA who issued the cert
may owe me compensation or at least be suable.  I have no such recourse
with a SSC; hence more risk.

Expired certificates aren't just a revenue stream for VeriSign et al.
They're also a mechanism for regularly retiring credentials more quickly
than they would typically be compromised by entropy or attack (same
reason we expire passwords) and for forcing recertification & re-vetting
of the requester.  The presence of an expired TLS cert may indicate the
holder was unable to obtain a replacement, or has used the credential
for far longer than its entropy period.  Either way there's risk.

Revoked certificates are obviously high risk.  I think a "can't find
status information" cert has to be treated the same as a revoked cert
from a risk perspective.

Average end users don't need to know about this stuff or even what
certificates are.  But they do need to know that a security condition
has been detected which raises the risk of using a site for high-trust
activities.

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Monday, July 09, 2007 12:53 PM
To: Serge Egelman
Cc: McCormick, Mike; wdoyle@mitre.org; tlr@w3.org; public-wsc-wg@w3.org
Subject: Re: ACTION-240 :TLS errors...



Serge Egelman wrote:
> 
> How is the risk that much greater for a self-signed certificate than a

> standard CA-signed one?  Since a certificate can be purchased for $20,

> a self-signed cert is effectively as secure.

Not really. I can scale an attack involving newly crafted SSCs as large
as I like, but one that requires a $20 spend per different cert is more
difficult. So "as secure" isn't strictly correct.

 > Now, what about expired
> certificates?  Can anyone really argue that an expired certificate is 
> riskier than a self-signed one?

I wouldn't argue that. However, an expired cert is arguably riskier than
a valid cert. (We're dealing with a partial order here at best.)

 > I would argue that most of the current
> SSL-related warning messages have little impact on the user's
security. 
>   The only current browser error with regard to certificates that 
> should actually be meaningful is if a certificate has been revoked.

How is "revoked" sensibly treated any different from "can't find
certificate status information"? If it can't really be treated
differently then there's a nice slippery slope that ends up presenting
everything to do with PKI back to the user, which of course none of us
want.

So overall, I'd argue that no PKI stuff should be exposed at all,
(modulo not knowing what I really think is best for SSCs;-)

S.
Received on Monday, 9 July 2007 19:35:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:49 GMT