is that the interface doesn't match the intentions. When you go to an SSL protected site, you see a little padlock icon, and that proves the site is secure. Well, indeed it does; it proves (more or less) that you really are talking to the owner of that certificate, BUT who the hell is that? If you want to find out you have to drill down about 5 clicks and read some ASN.1 gibberish.
What people (apparently) want the padlock icon to mean is "you are talking to someone who is an honest, established businessman" (at least, that's what Verisign's business model would have us believe). If you are going to force this semantic overloading into SSL, then what you require is not a new type of certificate, but to make it easier for the ordinary user to understand the manifold fields of existing certificates.
In particular, when signing a certificate, the CA should only sign those items in the subject field which have been verified, replacing the rest with "not verified"; and
when a link is established, several items in the subject field should be displayed on the screen in an easy to read format like:
" <CA> certifies that you have securely linked to the website <CN>, registered in <L>. At <Not Before>, the real owners of this website were <O>"
So this will end up looking like:
" Thawte Consulting cc certifies that you have securely linked to the website www.hushmail.com>, registered in Anguilla. At 7/05/2005, the real owners of this website were Hush Communications Anguilla, Inc."
or like:
" Cheap Certs Inc. certifies that you have securely linked to the website www.example.com.ru, registered in Russia. At 7/05/2005, the real owners of this website were not verified"
(Obviously numerous variants on the basic idea are possible, both in the data displayed and the exact manner of advising the user.) The establishment of an SSL link is now accompanied by information which lets the user know what that actually means in this particular case. Either might be sufficient for one's particular purpose, but now it is in a format which lets a nontechnical person easily decide.
Of course in Firefox this could easily be done with an extension.
(Oh, in case anything is licensable or whatever here, I hereby license this idea to be freely used by anyone, provided only that they don't try to encumber it to prevent others doing the same.)
What people (apparently) want the padlock icon to mean is "you are talking to someone who is an honest, established businessman" (at least, that's what Verisign's business model would have us believe). If you are going to force this semantic overloading into SSL, then what you require is not a new type of certificate, but to make it easier for the ordinary user to understand the manifold fields of existing certificates.
In particular, when signing a certificate, the CA should only sign those items in the subject field which have been verified, replacing the rest with "not verified"; and
when a link is established, several items in the subject field should be displayed on the screen in an easy to read format like:
" <CA> certifies that you have securely linked to the website <CN>, registered in <L>. At <Not Before>, the real owners of this website were <O>"
So this will end up looking like:
" Thawte Consulting cc certifies that you have securely linked to the website www.hushmail.com>, registered in Anguilla. At 7/05/2005, the real owners of this website were Hush Communications Anguilla, Inc."
or like:
" Cheap Certs Inc. certifies that you have securely linked to the website www.example.com.ru, registered in Russia. At 7/05/2005, the real owners of this website were not verified"
(Obviously numerous variants on the basic idea are possible, both in the data displayed and the exact manner of advising the user.) The establishment of an SSL link is now accompanied by information which lets the user know what that actually means in this particular case. Either might be sufficient for one's particular purpose, but now it is in a format which lets a nontechnical person easily decide.
Of course in Firefox this could easily be done with an extension.
(Oh, in case anything is licensable or whatever here, I hereby license this idea to be freely used by anyone, provided only that they don't try to encumber it to prevent others doing the same.)
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/77/292#292