2 May 2007 slamb   » (Journeyer)

clarkbw, re: security choices

C. You are connected to a site pretending to be www.url.com … Something evil could be going on! Someone might be trying to trick you! Though odds are this isn’t true, it’s likely that guilt or the legal department required us to put this dialog up just for this case.

No, no, no, no, no! This text is the entire purpose of SSL. If it's really unlikely, then thousands of people wouldn't have created an entire ecosystem around validating identities. You have to realize that a private conversation is totally worthless if you don't know who you are talking to, and if nothing warns you when that validation fails, why would you have validation at all? This text wasn't added by lawyers; it was added by people who just spent man-centuries creating cryptosystems which would be absolutely worthless if this text were not displayed.

This dialog box shouldn't say "don't worry, this is probably something wrong with their setup. Just go on, send them your credit card number like always." That would defeat the purpose of the system so bady I'm having trouble coming up with an analogy. It's sort of like a policeman seeing someone trying to pick a lock and opening it for them, then standing by, smiling, as they walk off with all the valuables the lock was protecting. If you downplay the security concerns of sending important information over this link, you're basically telling the lock "sometimes keys screw up, just let him in." (I warned you the analogy sucked.)

It should be alarming! It needs to be alarming enough that if someone goes to their bank's website and sees this dialog box, they won't enter their password. Instead, they'll call their bank on the telephone and tell them that they've spotted fraud. This is the correct action - it's either true or it will get the correct people angry at the security people who screwed up the configuration. It's very rare for a major bank to totally botch their security setup like this.

On the other hand, it shouldn't be so alarming that it will prevent people from browsing some random untrusted website which they have no intention of sending important information to. It's not uncommon for people to require SSL on a site, not bother paying the money to have it signed by a widely- trusted CA, and have instructions for people with particularly sensitive passwords to import the certificate into their browser. That's not a site configuration problem, either - it's a "you haven't given the computer a way to verify their identity" problem.

I agree that examining a certificate and finding the problem is unrealistic for most people. Maybe the details of the certificate should be in an "Advanced" pull-out or something.

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!