'Re: ssl auth failure gui: does "continue" do what I think it does?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: ssl auth failure gui: does "continue" do what I think it does?
From:       Jeff Mitchell <mitchell () kde ! org>
Date:       2009-06-09 1:50:20
Message-ID: 4A2DBFDC.5060405 () kde ! org
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

Matthew Woehlke wrote:
>> But there isn't a choice.  Certificates are essentially the only
>> encryption method feasible for most sites, because of e.g. browser
>> support.  So if all you need is encryption, and not authentication, you
>> still have to use the same system.
> 
> But *you don't get encryption* this way

But you do.

> at least not in the sense of 
> "secure communication between two parties".

If you define security as encryption + authentication.  Which is normal.
  But you can have encryption without "security".

> You get the illusion of 
> security with no way to know if you actually /have/ security. That's the 
> point.

No, you get encryption, and you don't get authentication.  There's
nothing illusive about it at all.

>> There are plenty of times when I couldn't care less.  There are lots of
>> random web sites out there that have encryption turned on where I
>> couldn't care less if I'm seeing the "legit" data or not.  Mailing list
>> archives, random bugzillas, etc.  If I'm just a user trying to browse
>> around, it doesn't matter to me whether the certificate is "invalid" or
>> not -- I'd browse to it even if it had no encryption/certificate at all.
> 
> Sure, but that's different. It's one thing to use HTTPS because the 
> other end does and be aware that you have roughly the same level of 
> security as using raw HTTP. Again, I don't consider that "encryption"; 
> you have /not/ achieved any real security.

It's encryption.

> IMO it should be clear that unauthenticated encryption is about as 
> valuable as none at all.

It's as valuable as unauthenticated encryption.

> It might actually be useful encryption, but it 
> might also be a false sense of security; without authentication, you 
> don't know.

And sometimes you don't care.  This was my point, which you've basically
ignored.

But it's all a tangent, because we all agree that "continue" in the
dialog box is not clear as to the result of clicking on it.  So the real
question is: who is going to step up and fix it?

(Secondary question: Who is going to ensure that the dialog box
communicates the uncertainties of self-signed certificates without
making users feel like the world might end if they decide to proceed?)

--Jeff

["signature.asc" (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread] 