On Wed, Jun 20, 2001 at 08:12:49AM -0600, Vernon Schryver wrote:
| > Why should anyone be
| > required to pay such an outrageous tax simply to be able to protect
| > their home photo collection from being tampered with in transit to
| > a visitor's browser?
| >
| > Granted, we could all become our own CAs, but that scares end users
| > and reduces the trust model because we don't want to train users to
| > accept a new CA cert from every site they go to.
|
| No, on several counts:
|
| 1. The only reason that might scare end users is because of scary
| words from browsers, and then only for HTTP. Browsers are not
| too-smart-by-half SMTP MUA's not SMTP servers. There are no scary
| CA pop-ups from your browser-broken-MUA if you use SMTP for mail
| submission.
|
| 2. there are no pop-ups, scary or otherwise, when you and other
| SMTP client and server operators exchange certs for sendmail's use.
|
| 3. becoming your own CA is easy, once someone tells you the magic
| Openssl incantation.
Unfortunately, the "become your own CA" solution doesn't actually help
deal with the issue of man-in-the-middle attacks. The threat under
discussion is that there is a proxy modifying content; we'd like to
prevent that. If the server sends a key without reference to some
established authority, then the MITM may simply replace that key with
one of its own, or translate the http-over-SSL request into a
cleartext http request, or otherwise munge the session, because there
is no way for the browser to figure out if the self-signed key is the
one the server sent.
(I find it unfortunate because often, becoming your own CA is a good
idea, and this is one of the few cases where it's not.)
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
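As an added illustration that is not part of the thread: the OpenSSL steps for a private CA, followed by the check that Adam's point turns on. A client holding the CA cert as a trust anchor can tell the real server cert from an impostor's self-signed one; a client with no anchor, verifying whatever cert it is shown against itself, cannot. It assumes the openssl CLI is installed and uses the constructed hostname photos.example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI.
set -e
WORK=$(mktemp -d)
cd "$WORK"

# Vernon's "magic Openssl incantation": a private CA in one command.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Home Photo CA" -days 365 >/dev/null 2>&1
}

# Issue a server cert for $1, signed by our CA (the legitimate server).
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -keyout server.key -out server.csr \
    -subj "/CN=$1" >/dev/null 2>&1
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out server.crt -days 365 >/dev/null 2>&1
}

# A self-signed cert for the same name, made without any CA (the MITM's cert).
make_impostor_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout mitm.key -out mitm.crt \
    -subj "/CN=$1" -days 365 >/dev/null 2>&1
}

# Client that trusts the CA: prints "ok" or "rejected" for the cert in $1.
verify_against_ca() {
  if openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo rejected
  fi
}

# Client with no established authority: it can only check the presented
# cert against itself, which any self-signed cert passes.
verify_against_presented() {
  if openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
    echo ok
  else
    echo rejected
  fi
}

make_ca
issue_server_cert photos.example
make_impostor_cert photos.example
echo "trusting CA:   real=$(verify_against_ca server.crt) mitm=$(verify_against_ca mitm.crt)"
echo "no anchor:     mitm=$(verify_against_presented mitm.crt)"
```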