- From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
- Date: Mon, 09 Jul 2007 17:57:30 +0100
- To: michael.mccormick@wellsfargo.com
- Cc: wdoyle@mitre.org, tlr@w3.org, public-wsc-wg@w3.org
michael.mccormick@wellsfargo.com wrote:
> Hi Bill,
>
> 1. A current fundamental problem IMO is web agents display security
> errors without providing the user with any means to interpret them from
> a risk perspective. Most users don't want to know technical details of
> a TLS error; they want to know what the risk implication is. So I
> certainly hope it's within WSC scope to make a recommendation in this
> area.
>
> 2. A self-signed cert that causes an error message by definition was not
> issued by a trusted authority. Should users trust web sites to act on
> their own behalf as certificate authorities? It's an interesting
> question. One has to keep in mind that a malicious https web site is
> probably going to use a SSC. Whereas the only reason a benign web site
> should use a SSC is economic; to avoid the cost of paying money to
> VeriSign et al. Maybe the world needs a free but trustworthy CA, but
> that problem is outside WSC scope. I think we can say the presence of a
> SSC indicates somewhat higher risk than a TLS cert issued by a reputable
> trusted CA.

While I sympathise, I'm not sure I agree. How many times are phishes
directed to hacked servers? Surely many of those have good server certs?

So, I don't agree that an SSC means "more risky" in general. However,
for someone claiming to be a bank or commerce site then correct. For
a "community" site, I don't think the SSC determines risk at all well,

S.
Received on Monday, 9 July 2007 16:55:40 UTC