- From: Stuart E. Schechter <ses@ll.mit.edu>
- Date: Wed, 27 Dec 2006 16:22:06 -0500
- To: "Doyle, Bill" <wdoyle@mitre.org>, <public-wsc-wg@w3.org>
Bill D. wrote:

> I feel that a self-signed cert is a trust between the user and the
> site.

And when was the last time you used a self-signed cert and checked that the hash of the cert matched the hash you knew for the site?

> Turning off security indicators (padlock - URL color) is one way to
> remind the user to keep tabs on the site and to verify that trust
> should continue to be extended.

Studies have shown that users don't look for or notice the absence of the lock icon---even when entering their banking passwords. I do not see any value in reminding users to "keep tabs on the site and to verify that trust". There are no other meaningful ways to verify trust in a site---everything else is easily forged.

> I agree that self-signed certs should be viable, but because they may
> not be supported by programmatic mechanisms to revoke the cert they are
> not in the same category as a CA generated cert.

The authenticity of a self-signed cert can only be authenticated out of band. That means asking users to enter in the hash code of the cert from a trusted source. (Asking users to verify hashes will cause security failures---users will just click "verified".) Yes, this is hard. However, very few users should be accepting self-signed certificates as the implications of doing so are only understood by the most expert of users.
Received on Wednesday, 27 December 2006 21:21:46 UTC
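The out-of-band check Stuart describes, as an added example that is not code from the original message or from the W3C working group: the client computes the SHA-256 fingerprint of the certificate the server presented and compares it, in constant time, against a fingerprint the user obtained from a trusted source. The host names, the pin table and the DER byte strings are constructed stand-ins; the fingerprint normalisation accepts the colon-separated form that browsers and `openssl x509 -fingerprint -sha256` print, and a host with no pin is rejected rather than trusted.

```python
import base64
import hashlib
import hmac
import re
import ssl

# Constructed stand-in for the DER bytes of a server certificate. The checks
# below only hash the bytes, so they do not depend on this being a real cert.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256))
OTHER_DER = b"\x30\x82\x01\x0a" + bytes(reversed(range(256)))


def sample_pem(der: bytes) -> bytes:
    """Wrap DER bytes in a PEM block (used to show that PEM input is accepted)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


def to_der(cert: bytes) -> bytes:
    """Accept either DER bytes or a PEM block and return DER bytes."""
    if cert.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(cert.decode("ascii").strip())
    return cert


def cert_fingerprint(cert: bytes) -> str:
    """SHA-256 fingerprint of the certificate as colon-separated upper-case hex."""
    digest = hashlib.sha256(to_der(cert)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(text: str) -> str:
    """Canonicalise what a user might paste from a trusted source: an optional
    'SHA256 Fingerprint=' label, colons or spaces between bytes, mixed case."""
    if "=" in text:
        text = text.rsplit("=", 1)[1]
    return re.sub(r"[^0-9A-Fa-f]", "", text).upper()


def fingerprint_matches(cert: bytes, expected: str) -> bool:
    """True only if the presented certificate's SHA-256 fingerprint equals the
    out-of-band value. A short or malformed expected value never matches, and
    the comparison is constant-time so a wrong pin leaks nothing about the hash."""
    wanted = normalize_fingerprint(expected)
    if len(wanted) != 64:
        return False
    actual = normalize_fingerprint(cert_fingerprint(cert))
    return hmac.compare_digest(actual, wanted)


class PinStore:
    """Per-host fingerprints obtained out of band (e.g. typed in from a printed
    notice). A host with no pin is rejected, not trusted on first use."""

    def __init__(self, pins: dict):
        self._pins = {host.lower(): normalize_fingerprint(fp)
                      for host, fp in pins.items()}

    def verify(self, host: str, cert: bytes) -> str:
        """Return 'ok', 'mismatch' or 'no-pin' for the certificate a host presented."""
        pin = self._pins.get(host.lower())
        if pin is None:
            return "no-pin"
        return "ok" if fingerprint_matches(cert, pin) else "mismatch"


if __name__ == "__main__":
    # Hypothetical host name; the pin would normally come from a trusted channel.
    store = PinStore({"intranet.example": cert_fingerprint(SAMPLE_DER)})
    print(cert_fingerprint(SAMPLE_DER))
    print(store.verify("intranet.example", SAMPLE_DER))   # ok
    print(store.verify("intranet.example", OTHER_DER))    # mismatch
    print(store.verify("unknown.example", SAMPLE_DER))    # no-pin
```

The design choice worth noting is that the pin store never falls back to "accept and remember" when no fingerprint is known: that would reproduce exactly the click-through behaviour the message warns about, since the first connection is the one an attacker would most like to intercept.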