[whatwg] fixing the authentication problem
mart at degeneration.co.uk
Tue Oct 21 18:08:36 PDT 2008
Eduard Pascual wrote:
> Not similar at all: for unencrypted connections, you have the "don't
> bother me again" option, in the form of an obvious checkbox; while
> with self-signed certificates you are "warned" continuously; with the
> only option to "install" the certificate on your system to trust it
> (which is a non-trivial task; out of the reach for most average users;
> still annoying even for web professionals; and, to top it up, you need
> to do it on a site-by-site basis).
There is some sense in this requirement to store the cert. It allows the
browser to warn you if the cert changes later, which is what would
happen if an attacker managed to intercept your connection. If you don't
store the cert, one self-signed cert is the same as the next.
This is similar to the SSH model; the first time you connect, you're
expected to manually check by some means that you're connecting to the
right server. On subsequent connections, you won't be bothered unless
the key changes.
I'll concede that in most cases no-one actually verifies the key in the
first connection case, but at least this requires an attacker to
intercept your *first* connection from a particular client, rather than
just any connection.
The UI for this is a bit overboard in today's browsers, but I think the
general principle is sound.
More information about the whatwg