Re: Browser security warning

   I don't have a case for this because there is another, safer, way for
enterprises to be their own trust root without using self-signed certs (in
the sense that we were discussing them).

   In the enterprise deployment case, the enterprise can forgo a public
certification authority by becoming its own organizational certification
authority and installing its own CA root on all of the machines within its
enterprise.  I don't think these are self-signed certs in the sense that we
were discussing them.

   The reason why enterprises shouldn't use self-signed certs seems crystal
clear to me---they'll be relying on users to differentiate the genuine from
the fraudulent by looking at the cert.

> From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
> Date: Sat, 30 Dec 2006 19:38:11 -0500
> To: <ses@ll.mit.edu>
> Cc: <public-wsc-wg@w3.org>
> Subject: Re: Browser security warning
> 
> What a thread. I took a glance, but if I'm saying redundant things that
> have been dealt with, don't waste bandwidth saying redundant things to me.
> 
> 
>>    I can imagine four reasons why a site might rely on self-signed certs
>> 
>>   (1) The service is being tested and is not yet ready for deployment
>>   (2) The administrator hasn't got the $20 to get a low-end CA cert.
>>   (3) The administrator is only concerned about eavesdropping and
>>      so believes a self-signed certificate is adequate.
>>         (In reality, if an attacker can eavesdrop (s)he can probably
>>         forge packets as well.)
>>   (4) The administrator doesn't have the time/skills to install a
>>       CA cert and figures that users will click through to the page
>>       even if the cert is self-signed.
> 
> You seem to be totally ignoring enterprise scenarios. I don't see why
> enterprises shouldn't use self-signed certs for intra-enterprise
> applications. I see it as a hole in the trust management infrastructure
> that there are no tools for enterprises to administer certs to desktops,
> the same way they manage code updates to desktops.
> 
> So, before reading the entire thread, I resist the notion that only
> pre-shipped CA certs are "good". It may be however that we can only make
> them usable by my mom. Who does not work for an enterprise.
> 
> Welcome to the WG.
>         Mez
> 

Received on Sunday, 31 December 2006 14:09:13 UTC
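
The distinction drawn in the message above, between an enterprise root installed on every machine and a bare self-signed server cert, can be shown with Go's crypto/x509. This is an added example, not part of the original thread; the names "Example Corp Root CA" and intranet.example.test and the helpers issue and accepts are hypothetical, and all certificates are constructed in memory.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate. nil dns marks a CA; nil parent means self-signed.
func issue(cn string, dns []string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: dns == nil, DNSNames: dns,
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if tmpl.IsCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint("issuing ", cn, ": ", err, perr))
	}
	return cert, key
}

// accepts reports whether a client whose only trust anchor is root validates cert for host.
func accepts(root, cert *x509.Certificate, host string) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err == nil
}

func main() {
	host := "intranet.example.test" // hypothetical intranet name
	root, rootKey := issue("Example Corp Root CA", nil, nil, nil)
	genuine, _ := issue(host, []string{host}, root, rootKey)
	forged, _ := issue(host, []string{host}, nil, nil) // impostor: same name, self-signed
	fmt.Println(accepts(root, genuine, host), accepts(root, forged, host)) // true false
}
```

Both leaf certificates carry the same subject and DNS name, so nothing a user could read off them separates the two; only the chain to the installed root does.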