[HTTPS-Everywhere] what does HTTPS-Everywhere consider a "valid" X.509 certificate? [was: Re: Custom rules]

https-everywhere at lists.grepular.com
Sat Oct 16 13:57:24 PDT 2010


On 16/10/2010 21:25, Daniel Kahn Gillmor wrote:

>> Unauthenticated encryption is worthless because it's too hard to explain to
>> the people who need it.
> 
> Amen.  This is doubly true because the authentication is only the first
> step of what's often a multi-stage process that is otherwise opaque to
> the user.  In order to decide whether to take the next step of the
> multi-stage process without having given the user the full guarantee, we
> need to interrupt the user to go forward and ask them questions that
> they also probably don't understand.
> 
> For example, faced with an unauthenticated certificate in an https
> session, you can't just show a busted-lock icon in the browser, and then
> go ahead and load the web page anyway on the theory that the user now
> knows it's unauthenticated encryption and make the decision from there
> (even if we think the user understands the idea of unauthenticated
> encryption).
> 
> If you did that, you'd also have to decide while making the http request
> which cookies to send to the web server (possibly compromising the
> user's session if this was in fact an impostor); which POST or GET data
> is acceptable to send (all of which will influence what page is emitted
> by the web server); and while rendering the page, you'd need to decide
> whether to apply any of the other various same-origin policy decisions
> in the browser relative to the other content and scripts in the page.
> And so forth.
> 
> So not only are you asking the user to understand a concept that they
> don't quite get -- you'd often need to ask them to make active, nuanced
> decisions based on that concept in what are often intrusive or confusing
> situations.
> 
> Resolving the authentication first avoids these problems entirely.

This is why I suggested it as a configuration option. By default, users
would only have rules enabled which don't trigger certificate warnings.
Users who know what they're doing and want to manually check
certificates, or add root certificates or use addons like Perspectives
could enable the rest of the rules too.

-- 
Mike Cardwell - Perl/Java/Web developer, Linux admin, Email admin
Read my tech Blog -              https://secure.grepular.com/
Follow me on Twitter -           http://twitter.com/mickeyc
Hire me - http://cardwellit.com/ http://uk.linkedin.com/in/mikecardwell


