[95442] in cryptography@c2.net mail archive

Re: New article on root certificate problems with Windows

daemon@ATHENA.MIT.EDU (Paul Hoffman)
Sat Jul 21 13:30:29 2007

In-Reply-To: <20070720195832.4sasu9czdtv0oogw@webmail.cs.auckland.ac.nz>
Date: Fri, 20 Jul 2007 07:04:02 -0700
To: pgut001@cs.auckland.ac.nz
From: Paul Hoffman <paul.hoffman@vpnc.org>
Cc: cryptography@metzdowd.com

At 7:58 PM +1200 7/20/07, pgut001@cs.auckland.ac.nz wrote:
>Paul Hoffman <paul.hoffman@vpnc.org> writes:
>>At 2:45 AM +1200 7/20/07, pgut001@cs.auckland.ac.nz wrote:
>>|From a security point of view, this is really bad.  From a usability point of
>>|view, it's necessary.
>>
>>As you can see from my list of proposed solutions, I disagree. I see no
>>reason not to alert a user *who has removed a root* that you are about to
>>put it back in.
>
>It depends on what you mean by "user".  You're assuming that direct action by
>the wetware behind the keyboard resulted in its removal.

Correct, I was.

>   However given how
>obscure and well-hidden this capability is, it's more likely that a user agent
>acting with the user's rights caused the problem.  So the message you end up
>communicating to the user is:
>
>   "Something you've never heard of before has changed a setting you've never
>   heard of before that affects the operation of something you've never heard
>   of before and probably wouldn't understand no matter how patiently we
>   explain it".
>
>(those things are, in order "some application or script", "the cert trust
>setting", "certificates", and "PKI").

Very good point.

Bigger picture takeaway: when both a user and an application can 
change a crypto setting in an application (or OS), any later messages 
relating to that event are likely to be confusing because they can't 
be directly linked to the action. This applies to all of our 
crypto-in-the-real-world, not just the trust anchor issue at hand.

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com