Stupid ideas never die do they

Posted Aug 16, 2013 20:10 UTC (Fri) by jmorris42 (guest, #2203)
Parent article: Prompt-free security for GNOME

If I ever get an application that refuses to allow me to connect to a self signed cert I can promise that app will be promptly removed, rolled back to a working version or patched. Firefox included.

Silently drop the connection indeed!

How many articles have we read, including right here, that the whole cert authority trust model is broken anyway. So we have to pay anyway, even for development servers? Can't believe a room full of developers let that slide, but it is GNOMEs... :)

Yes, security theater should be minimized, but like everything else it should be simplified as much as possible but no further.

Stupid ideas never die do they

Posted Aug 22, 2013 12:20 UTC (Thu) by epa (subscriber, #39769) [Link]

Indeed, surely the whole point is to leave policy decisions to the user but provide an easy way to let the user specify his intent. The suggested change removes an annoying prompt, but it also removes any way for the user to specify the policy of whether to trust the site or not, so it's throwing the baby out with the bathwater.

(FWIW, nowadays if I get the Firefox certificate prompt, I usually just edit the address bar to change https: to http:. That works most of the time and, of course, the browser which complains so loudly about a self-signed certificate is quite happy to use an entirely unencrypted connection with no complaints whatsoever...)

Stupid ideas never die do they

Posted Aug 30, 2013 18:10 UTC (Fri) by wookey (guest, #5501) [Link] (1 responses)

Right. I see these prompts quite often these days - usually because numerous debian/free software sites use cacert-based certs and the base certs are not in the 'official' browser lists. The 'yes, yes, I know we're bloody hippies' prompt-dance-set is quite annoying but simply not being allowed access would be a big pile more annoying. Or do I misunderstand the effect of the proposed change?

And is there some prospect that the idiocy that makes many fine sites (such as Debconf's) pop up lots of scary warnings will go away one day?

Stupid ideas never die do they

Posted Aug 30, 2013 18:28 UTC (Fri) by raven667 (subscriber, #5198) [Link]

If I understand the proposal it was to make an easier certificate management tool so that instead of having a dialog with your application when it sees a cert you haven't approved that it instead references you to the management tool where you can easily download, inspect and approve the cert. The cert management tool should also make it easy and straightforward for an administrator to pre-load trusted certs, the end result being that you don't have avoidable cert issues in your applications.

That subtly changes the interaction from one where your application randomly pops up scary dialogs where the only sane response is to click "yes, do the thing I already told you to do, and stop bothering me, darnit!" to one where the user/admin is taking a positive action "please add this cert/authority, I trust it" and taking some ownership of certificate trust.

The hope is that this change and features added to the cert management tool can make a lot of scary warnings go away.

Stupid ideas never die do they

Posted Sep 4, 2013 10:44 UTC (Wed) by njwhite (guest, #51848) [Link]

The problem is that the vast majority of users don't know what MITM is, so will just click "override and let me do what I asked you" if prompted, obviating SSL completely.

I presume rather than silently drop the connection it would drop it with an error page saying something like "Security error" with technical details further down. Anyone who knows what MITM is should then be competent to use a companion certificate manager to import self-signed certificates, corporate ca certificates, etc. Anyone else has no business connecting to the site in question.