- From: <P.Lister@cranfield.ac.uk>
- Date: Tue, 10 Jun 97 18:10:27 +0100
- To: "David W. Morris" <dwm@xpasc.com>
- Cc: P.Lister@cranfield.ac.uk, Shel Kaphan <sjk@amazon.com>, Martin Hamilton <martin@mrrl.lut.ac.uk>, http-wg@cuckoo.hpl.hp.com, Re: cache-busting.document@cranfield.ac.uk;

> I agree that this is often the primary requirement for the user, but
> a form which has an HTTPS: action doesn't appear secure to the user unless
> the browser cue (e.g., the unbroken key) indicates that the page
> containing the form is secure. Security is pretty confusing to the
> average user anyway and every idea I've come up with for starting the
> secure path with the submit has quickly broken when I look for
> vulnerabilities.

While I have as much faith in users understanding security as you, most people get the difference between signed vs unsigned and encrypted vs plaintext. The whole point is to tell the user that the form she's about to fill in can be trusted (even if it wasn't encrypted), but that the data she's about to upload WILL be encrypted, just as banks will happily dish out application forms for their products to anyone and everyone, but the completed forms should be treated as confidential.

To be regarded as genuine, a certificate chain must still connect the form back to a certificate that the browser trusts, even though the actual form itself may have been pulled from a cache. The certificates can be cached with the form or independently like PGP keyservers.

From the user's point of view, the key is still unbroken, though maybe a different colour (or perhaps the key should now represent secrecy and something like a wax seal icon would represent signature). Whatever; the "secure" path still starts with the form rather than the submission, but one may have to define "secure" a bit more precisely.

I heartily concur with your comments about audit, but we're getting off the topic of caching.

Peter Lister
Computer Centre, Cranfield University
Cranfield, Bedfordshire MK43 0AL UK
Email: p.lister@cranfield.ac.uk
Voice: +44 1234 754200 ext 2828
Fax: +44 1234 751814

The more we look at structures of trust, the more we realise that democracy and subversion are closely related. (Ross Anderson)

Received on Tuesday, 10 June 1997 12:20:14 UTC