- From: Peter Williams <home_pw@msn.com>
- Date: Sat, 12 Feb 2011 06:53:30 -0800
- To: <henry.story@bblfish.net>
- CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-w54D9BA99930352FBEF167892EE0@phx.gbl>
Let's put into the record some solid facts about SSL + UI - some history about changing the UI so SSL continues to evolve to social expectations. We (the web) do have some experience in browser UI + SSL tying, within the last 5 years.

Once the practice of corporate outgoing MITM (SSL bridging) became institutionalized, the scales of social justice had to re-balance. After all, the public trust on SSL was being challenged: since you are NO longer talking only to the named site when the browser "padlock" shows. Of course, you may NOW be talking to the corporate SSL proxy, that talks to the named site "on your behalf".

What had to worry the product managers and their browser brands was the likelihood that from corporate MITM bridging it was only a small step to ISP MITM bridging for home users using the very same browser release. ISPs, after all, already run major caching proxies for non-https traffic (to the benefit of all internet users). And, the inherent last-mile property of the ISP has long made this focus-point the target of "internet governance", much like local phone companies have to exploit the control-point to run CALEA for phone tapping (warrants required) and trap&trace pen-recording (just ask).

In the EV Forum, folks wanted to support the introduction of the SSL MITM philosophy - a change in the core security model of https that addresses "social pressures" on privacy, snooping, spying, consent, etc. But, they also wanted those scales to rebalance, remember. One should be proud of that. As a result, folks "designed."

The net result was that a special class of server certs can now be purchased - the EV cert. It's only available from a subset of the CAs present by default in common browser or OS trust lists. Using UI metaphors used commonly by the dominant browser makers, when talking to that class of end-site one can have confidence that there is no MITM.
Otherwise, without the chosen UI metaphor of presenting a green background to the browser address bar, a billion PC users were supposed to get re-trained to know that the "padlock icon" in the status bar no longer means what it once did. This was supposed to train folks that there were new systemic threats "at the trust level" - that your very assumptions (formed over the previous 10 years of public training) may well now be being undermined, by civil society itself.

There was more UI change than the green/not-green address bar itself. Design practice had to change, to also require that all popups showed the address bar - which could thus have green and non-green backgrounds. In the infocard space, there were further ramifications - that are the basis of the why-we-exist rationale for the information card forum, closely tied into the openid foundation's mission.

So I hope that this story has introduced evidence of 5 topic tyings; evidence of folks "thinking big" and cooperating under the leadership of some forum.

- social governance, on issuers and subscribers
- the threat of trust deceptions due to intentional MITM by civil parties
- UI rules on address bar colorings and their presence on popups
- SSL library and trust anchor design, that enforces the chaining rules on EV server certs
- The ability to disable or reject EV cert trust domains.

Now, this kind of forum leadership may not be W3C style (I'm still finding out....). But, it does exist. Let's not assert it cannot be done. It can, if there is the political will. One can get coordinated changes in SSL related UI done by browser vendors, as the evidence shows.

Now, let's also not assert that it's easy, trivial or easily rationalized. One is dealing with a billion folks' training about security in civil society, in a world where lots of folks exploit for "various social purposes" trust duping.
One is dealing with horrendous crypto-politics; and one is dealing with governments often working in secret, with "trusted vendors" and providers operating under "secret" orders. One is also dealing with mega-dollar lobbying, which can get pretty vicious (think Congressional committees, in the 50s). One is also dealing with the moral of the story lots of US kids learn about: about some local patriot on a horse making a famous message run, in Boston, in 1770 or something.

Subject: Re: browser change; little, nothing or a lot?
From: henry.story@bblfish.net
Date: Sat, 12 Feb 2011 10:45:16 +0100
CC: public-xg-webid@w3.org
To: home_pw@msn.com

On 12 Feb 2011, at 02:24, peter williams wrote:

One output of the group can be to outline changes to browsers (and http libraries used in multi-site apps).

yes. We even have ISSUE-14 for the "WebID and browsers"

We tended to start with: FOAF+SSL has to work with the last 5 years’ worth of deployed browsers.

Yes. That means it is immediately deployable and useable, allowing other things to develop in linked data space.

But, we also see threads that say: Change the UI

There are different issues here:

- obvious changes, such as Firefox certificate selection for example is obviously bad/no design
- bugs that need to be fixed whatever happens (such as Safari sending client certs without the user being able to stop it or being aware of it, once he has made an initial decision)
- UI improvements:
  + displaying what identity the user is logged in as and allowing him to change it
  + tying cookies and all more tightly to the identity chosen by the user
  + using information from the WebID to improve UI of cert selection
  + allowing user to jump from cert selector to Profile Page in one click
Received on Saturday, 12 February 2011 14:54:03 UTC