- From: Serge Egelman <egelman@cs.cmu.edu>
- Date: Mon, 30 Jul 2007 18:46:58 -0400
- To: public-wsc-wg@w3.org
We went over this. The $20 GoDaddy example I cited before. I registered a domain and purchased a certificate using PayPal, and it's all under Stephen's name. Nothing is linked back to me, there is zero accountability (BTW: Johnathan said that he'd pull the root if this were the case, though I doubt that's happened).

If I were a phisher, and this scheme worked (let's pretend that users will notice, understand, and obey the SSC indicators---which we currently know to not be the case), I'd start dropping $20 for each site to get a real CA-signed certificate. The current figures state that phishers make anywhere from $250-1000 per victim. Dropping $20 really isn't a big deal. Hell, dropping $500 on an EV cert may be worth it, if we can ever come up with useful indicators, but that's a different matter...

I really think that we should just classify non-EV and SSC certificates as the same thing: only useful for encryption. We show an encryption indicator, which will only be noticed by the tech-savvy users anyway. And then we primarily focus on consistency.

serge

Thomas Roessler wrote:
> On 2007-07-30 18:17:10 -0400, Serge Egelman wrote:
>
>> And again, how is the self-signed certificate any more
>> trustworthy than a low-assurance certificate? It would seem that
>> the best solution should be to *only* keep track of consistency.
>
> What's your definition of low-assurance? "unknown CA"?
>
> (In fact, you're probably right that the same unknown-CA cert seen
> over an extended amount of time should be seen as good as a
> self-signed one, and be subject to the same kind of consistency
> tracking.)
>
> Cheers,

--
/*
PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University
Legislative Concerns Chair
National Association of Graduate-Professional Students
*/
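An added example, not from the thread or the W3C WSC working group, of the consistency tracking Serge and Thomas discuss: a small first-seen store that treats self-signed and unknown-CA certificates identically and reports only whether a host's certificate matches what was seen before. The hostnames, certificate bytes and thresholds are constructed placeholders; the "established" thresholds are assumptions, not values from the thread.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class SeenCert:
    """What the client remembers about one host (constructed record type)."""
    fingerprint: str      # SHA-256 of the DER certificate
    first_seen: datetime
    last_seen: datetime
    sightings: int = 1


def fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()


class ConsistencyTracker:
    """Per-host certificate history. A self-signed cert and a cert from a CA the
    client does not recognise are handled the same way: neither is trusted on
    its own, only its consistency over time is reported to the UI layer."""

    def __init__(self, min_age=timedelta(days=30), min_sightings=5):
        self.seen: dict[str, SeenCert] = {}
        self.min_age = min_age            # assumed thresholds for "established"
        self.min_sightings = min_sightings

    def observe(self, host: str, cert_der: bytes, now: datetime) -> str:
        fp = fingerprint(cert_der)
        rec = self.seen.get(host)
        if rec is None:
            self.seen[host] = SeenCert(fp, now, now)
            return "new"                  # first contact: nothing to compare against
        if rec.fingerprint != fp:
            # Inconsistent with history. The stored record is deliberately NOT
            # replaced, so the mismatch keeps being reported until a human decides.
            return "changed"
        rec.last_seen = now
        rec.sightings += 1
        if now - rec.first_seen >= self.min_age and rec.sightings >= self.min_sightings:
            return "established"          # same cert, seen long and often enough
        return "consistent"
```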
Received on Monday, 30 July 2007 22:47:29 UTC