- From: <michael.mccormick@wellsfargo.com>
- Date: Wed, 27 Dec 2006 23:56:39 -0600
- To: <public-wsc-wg@w3.org>
Mike Smith suggested: "For sites with self-signed certs, I think there's growing support for the idea of simply not showing any security indicators at all. If we were to do that consistently across browsers, users would never see any warning dialog at all for this case, nor any padlock icon or anything else to indicate that the site has a cert." If we show no security indicator yet leave the address bar showing "https://" it raises some issues. Some users who ignore the padlock may think the site is secure. Others who notice the missing security padlock may wonder if SSL encryption is engaged or not. At the other extreme, those who suggest an error page go too far in my opinion. There are legitimate reasons for using self-signed RCAs. One problem is the padlock is binary whereas SSL is multi-dimensional. SSL can do many things simultaneously: 1. Encrypt the session. 2. Authenticate the web server (cert matches host). 3. Check certificate status. 4. Check whether certificate authority is trusted. 5. Authenticate the web browser (if mutual). Etc. To make matters worse, those things don't align perfectly to the questions an average user wants answered: A. Can eavesdroppers read my session? B. Is the web site really the one I requested? C. Have the web pages I'm seeing been tampered with? D. Is the web site reputable? Etc. Mike McCormick
Received on Thursday, 28 December 2006 05:56:31 UTC