CA safety (Re: Microsoft supporting tyrants?)

• Previous message (by thread): CA safety (Re: Microsoft supporting tyrants?)
• Next message (by thread): CA safety (Re: Microsoft supporting tyrants?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31/03/11 09:59, Bernhard Reiter wrote:
> Am Freitag, 25. März 2011 17:36:51 schrieb Werner Koch:
>> Of course I assume that the user won't go over the list of root CAs and
>> delete almost all of them.  Barely nobody does that.
> People have to be encouraged to do this and helped
> with lists and tools. It will raise the security bar a bit
> on this suboptimal system.

Not if the system also includes the human who needed the help.

If they need the help then they they can't manage or understand trust 
and don't know how to respond to the untrusted warning messages they are 
more likely to get having made the change.

If they aren't going to get any additional untrusted warning messages 
then it won't make any difference what you do.

if they do get the messages it will be in response to sites that they 
want to use. The change won't help them asses the validity of the site 
certificate, and may increase their chance of being deceived.

So you've changed the system, but it is hard to show that you have made 
it more secure.

Sam

• Previous message (by thread): CA safety (Re: Microsoft supporting tyrants?)
• Next message (by thread): CA safety (Re: Microsoft supporting tyrants?)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]