- From: Martin Atkins <mart@degeneration.co.uk>
- Date: Tue, 21 Oct 2008 18:08:36 -0700

Eduard Pascual wrote:
> Not similar at all: for unencrypted connections, you have the "don't
> bother me again" option, in the form of an obvious checkbox; while
> with self-signed certificates you are "warned" continuously; with the
> only option to "install" the certificate on your system to trust it
> (which is a non-trivial task; out of the reach for most average users;
> still annoying even for web professionals; and, to top it up, you need
> to do it on a site-by-site basis).

There is some sense in this requirement to store the cert. It allows the browser to warn you if the cert changes later, which is what would happen if an attacker managed to intercept your connection. If you don't store the cert, one self-signed cert is the same as the next.

This is similar to the SSH model; the first time you connect, you're expected to manually check by some means that you're connecting to the right server. On subsequent connections, you won't be bothered unless the key changes.

I'll concede that in most cases no-one actually verifies the key in the first connection case, but at least this requires an attacker to intercept your *first* connection from a particular client, rather than just any connection.

The UI for this is a bit overboard in today's browsers, but I think the general principle is sound.

Received on Tuesday, 21 October 2008 18:08:36 UTC
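
Added example, not part of the original message and not any browser's code: a minimal trust-on-first-use store in the SSH `known_hosts` style the message refers to, showing why a stored certificate lets a later change be detected while an empty store cannot tell one self-signed certificate from another. The `PinStore` class, the `example.test` host and the certificate byte strings are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class PinStore:
    """Maps "host:port" to the SHA-256 fingerprint of the certificate first trusted there."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, port, der_cert):
        # In real use der_cert would come from ssl.SSLSocket.getpeercert(binary_form=True).
        seen = hashlib.sha256(der_cert).hexdigest()
        pinned = self.pins.get(f"{host.lower()}:{port}")
        if pinned is None:
            return "first-seen"   # nothing stored: the user must verify out of band
        if hmac.compare_digest(pinned, seen):
            return "match"        # same cert as before: no prompt needed
        return "changed"          # cert differs from the stored one: warn loudly

    def trust(self, host, port, der_cert):
        self.pins[f"{host.lower()}:{port}"] = hashlib.sha256(der_cert).hexdigest()
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic replace so a crash cannot truncate the store


def demo():
    # Constructed stand-ins for DER-encoded certificates.
    site_cert = b"constructed DER bytes: the site's self-signed certificate"
    other_cert = b"constructed DER bytes: a different self-signed certificate"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        store = PinStore(path)
        results = [store.check("example.test", 443, site_cert)]              # first connection
        store.trust("example.test", 443, site_cert)
        results.append(store.check("example.test", 443, site_cert))           # later, same cert
        results.append(PinStore(path).check("example.test", 443, other_cert)) # reloaded, new cert
        empty = PinStore(os.path.join(d, "none.json"))                       # client that stored nothing
        results.append(empty.check("example.test", 443, other_cert))
    return results


if __name__ == "__main__":
    print(demo())
```
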