RE: Browser security warning

 
Mike Smith suggested:
"For sites with self-signed certs, I think there's growing support for
the idea of simply not showing any security indicators at all.  If we
were to do that consistently across browsers, users would never see any
warning dialog at all for this case, nor any padlock icon or anything
else to indicate that the site has a cert."

If we show no security indicator yet leave the address bar showing
"https://", it raises some issues.  Some users who ignore the padlock may
think the site is secure.  Others who notice the missing security
padlock may wonder if SSL encryption is engaged or not.

At the other extreme, those who suggest an error page go too far in my
opinion.  There are legitimate reasons for using self-signed RCAs.

One problem is the padlock is binary whereas SSL is multi-dimensional.
SSL can do many things simultaneously:
1. Encrypt the session.
2. Authenticate the web server (cert matches host).
3. Check certificate status.
4. Check whether certificate authority is trusted.
5. Authenticate the web browser (if mutual).
Etc.

To make matters worse, those things don't align perfectly to the
questions an average user wants answered:
A. Can eavesdroppers read my session?
B. Is the web site really the one I requested?
C. Have the web pages I'm seeing been tampered with?
D. Is the web site reputable?
Etc.

Mike McCormick

Received on Thursday, 28 December 2006 05:56:31 UTC
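
Added example, not part of the original message: the self-signed case discussed above, checked with the OpenSSL command line, shows that items 2 and 4 of the list get independent answers for the same certificate. The host name intranet.example and the throwaway certificate are constructed for the demonstration; OpenSSL 1.1.0 or later is assumed.

```shell
#!/usr/bin/env bash
# Constructed demo: one throwaway self-signed certificate, checked along two
# of the dimensions in the list above (items 2 and 4) instead of one padlock bit.
HOST="intranet.example"              # hypothetical host name (assumption)
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed certificate whose subject CN is $HOST.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$HOST" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

# Item 2: does the certificate match the host the user asked for?
host_matches() {
  openssl x509 -in "$WORK/cert.pem" -noout -checkhost "$1" \
    | grep -q "does match"
}

# Item 4: does the chain end at a trusted CA?
# With no argument the default trust store is used; with an argument,
# that file is supplied as the trusted CA.
ca_trusted() {
  if [ -n "${1:-}" ]; then
    openssl verify -CAfile "$1" "$WORK/cert.pem" >/dev/null 2>&1
  else
    openssl verify "$WORK/cert.pem" >/dev/null 2>&1
  fi
}

yesno() { if "$@"; then echo yes; else echo no; fi; }

# Print each dimension on its own line rather than collapsing to one bit.
report() {
  make_self_signed || { echo "openssl req failed" >&2; return 1; }
  echo "2. cert matches $HOST:              $(yesno host_matches "$HOST")"
  echo "2. cert matches other.example:      $(yesno host_matches other.example)"
  echo "4. CA trusted (default store):      $(yesno ca_trusted)"
  echo "4. CA trusted (cert added by user): $(yesno ca_trusted "$WORK/cert.pem")"
}

report
```

The same certificate passes the host-name check and fails the default trust check, which is the combination a single padlock cannot express.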