RE: ACTION-240 :TLS errors... from michael.mccormick@wellsfargo.com on 2007-07-09 (public-wsc-wg@w3.org from July 2007)

From: <michael.mccormick@wellsfargo.com>
Date: Mon, 9 Jul 2007 12:02:54 -0500
To: <stephen.farrell@cs.tcd.ie>
Cc: <wdoyle@mitre.org>, <tlr@w3.org>, <public-wsc-wg@w3.org>
Message-ID: <8A794A6D6932D146B2949441ECFC9D68040AA14B@msgswbmnmsp17.wellsfargo.com>

This is where the risk aspect becomes important.  A site with a SSC is
fine for blogging but probably not for conducting financial
transactions.  The user needs advice regarding the risk of a TLS error
versus the risk of the transactions s/he plans to conduct on the site.
Mike 

-----Original Message-----
From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie] 
Sent: Monday, July 09, 2007 11:58 AM
To: McCormick, Mike
Cc: wdoyle@mitre.org; tlr@w3.org; public-wsc-wg@w3.org
Subject: Re: ACTION-240 :TLS errors...

michael.mccormick@wellsfargo.com wrote:
> Hi Bill,
> 
> 1. A current fundamental problem IMO is web agents display security 
> errors without providing the user with any means to interpret them 
> from a risk perspective.  Most users don't want to know technical 
> details of a TLS error; they won't to know what the risk implication 
> is.  So I certainly hope it's within WSC scope to make a 
> recommendation in this area.
> 
> 2. A self-signed cert that causes an error message by definition was 
> not issued by a trusted authority.  Should users trust web sites to 
> act on their own behalf as certificate authorities?  It's an 
> interesting question.  One has to keep in mind that a malicious https 
> web site is probably going to use a SSC.  Whereas the only reason a 
> benign web site should use a SSC is economic; to avoid the cost of 
> paying money to VeriSign et al.  Maybe the world needs a free but 
> trustworthy CA, but that problem is outside WSC scope.  I think we can

> say the presence of a SSC indicates somewhat higher risk than a TLS 
> cert issued by a reputable trusted CA.

While I sympathise, I'm not sure I agree.

How may times are phishes directed to hacked servers? Surely many of
those have good server certs?

So, I don't agree that an SSC means "more risky" in general.

However, for someone claiming to be a bank or commerce site then
correct. For a "community" site, I don't think the SSC determines risk
at all well,

S.

Received on Monday, 9 July 2007 17:03:22 UTC