Re: [TLS] Eleven out of every ten SSL certs aren't valid

[Nicolas Williams <Nicolas.Williams@oracle.com>]

On Tue, Jun 29, 2010 at 09:29:01PM +0100, Ivan Ristic wrote:
> On Tue, Jun 29, 2010 at 8:34 PM, Nicolas Williams
> <Nicolas.Williams@oracle.com> wrote:
> > On Tue, Jun 29, 2010 at 07:29:45PM +0100, Ivan Ristic wrote:
> >> On Tue, Jun 29, 2010 at 5:33 PM, Nicolas Williams
> >> > The subject line is very funny, but, seriously, this doesn't bother me
> >> > in the least.  Why?  Because anyone can put up a site with an invalid,
> >> > self-signed, or might-as-well-be-self-signed-because-no-one-uses-its-
> >> > root-CA cert.  Therefore the number of sites with such certs is utterly
> >> > and completely _meaningless_ [m _e _a _n _i _n _g _l _e _s _s _].
> >>
> >> The problem with that view is that, while the users are experiencing
> >> all those sites with invalid certificates they are getting used to the
> >> idea that nothing bad comes from browser warnings. Then, one day, when
> >> they're accessing their bank's web site from an insecure network, they
> >> ignore the one warning they shouldn't and get owned by the MITM guy.
> >
> > You seem to be confused as to what I actually wrote.
> 
> No, not at all. I was responding to this sentence in particular:
> 
> "What matters is that the sites that ought to be using HTTPS with
> valid certs are"

[To be clear, that was followed with a sentence-ending period.]

The context was just how awful it is that 97% of servers don't have
valid certs.  There's clearly NOTHING we can do to prevent that short of
pushing for legislation (treaties?) making the act of running such
servers illegal.  If there's no much you can do about a problem, then
you focus on other things.  My immediate focus switched to whether the
servers that _matter_ have valid certs.  Was that wrong?  Yes, we can
also focus on client behavior as well, but things are not as simple as
you might think (see below).

> > There is no such "problem with [my] view" because you cannot stop people
> > from deploying servers with bad certs.  It's a _fact of life_.
> 
> The fact that we cannot stop bad certs is not relevant. Such sites are
> still reducing the effectiveness of SSL, even for the "sites that
> ought to be using HTTPS". And that was my point.

Maybe, but if there's nothing you can do about this, what do you propose
to do then?

> > Now, what our client applications do about such servers _is_ a problem.
> > If that was your point, well, we agree, and there's no need to put words
> > in my mouth.  If you want to discuss how to improve the clients (e.g.,
> > make it so there is no warning dialog, make it so you cannot connect to
> > sites with bad certs period).
> 
> I would like to see that very much (and have proposed it in the past).

OK, now we're getting somewhere.

Of course, it happens that cert pre-sharing, and SSH-style leap-of-faith
are very convenient for users who either don't want to deploy a PKI or
don't want to pay to participate in someone else's PKI.  Breaking this
will only lead to much complaining, and will risk our credibility with
users who don't have PKIs (or other authentication infrastructure).

> Unfortunately, browser vendors will never do that for the fear of
> losing customers.

And that's because there are issues that you're not considering (see
above) or not considering important, but which many of us do.

Nico
--