[Security] TLS Certificates Verification

Jonathan Dickinson jonathanD at k2.com
Thu Aug 21 07:35:36 CDT 2008


> -----Original Message-----
> From: security-bounces at xmpp.org [mailto:security-bounces at xmpp.org] On
> Behalf Of Jonathan Schleifer
> Sent: Thursday, August 21, 2008 2:16 PM
> To: XMPP Security
> Subject: Re: [Security] TLS Certificates Verification
>
> On 21.08.2008 at 09:56, Jonathan Dickinson wrote:
>
> > 1. Explain the process to the user.
> > 2. Download CA and IC certs and install. Download revocation lists
> > and merge.
> > 3. Create certificate with password.
> > 4. Ask IC to sign cert.
> > 5. [Skippable] Place the certificate on a thumbdrive and configure
> > the program to read it from there.
> > 6. [Skippable] Back the certificate up to either CD-RW (recommended)
> > or XMPP server (if we can figure that one out).
> > 7. Explain to the user how they can set up an encrypted messaging
> > channel.
> > 8. Finish
>
> You have to be kidding. No average user will ever do that. Look at
> Gajim: The only thing the user needs to verify is a short SAS. And even
> that seems to me too much for some people. So how can you have 8 steps
> when even a short SAS is already too much for some?

Please tone it down, Jonathan. Firstly, this wizard is only run ONCE. Three of the steps are informational. Two of the steps are automatic. Two of the steps are skippable. That leaves, what, one step the user actually needs to complete? Firefox, which has been praised on this list so much for its good security UI, has about three windows to add a certificate exception.

The GNOME developers spend no end proclaiming that it has a good UI, and I agree. Are you just going to take the user through the whole process without first explaining what certificates are? Great UI. Are you not going to explain good ideas to make sure they stay safe? Fantastic UI. I am sure Aunt Tillie would happily just enter a password for the pfx, but woe betide when she loses her key.

Not to mention that once it's done, it would be _faster_ than your UI where users need to confirm session keys. One click on the toolbar, 'encrypt session', done. You have two windows there, one saying here is your key, another saying are you sure you verified it.

Go read up on the GNOME UI docs because they did a fantastic job. They literally consider EACH and EVERY button.

_Please_ can we move on from Gajim and ESessions. I am sure you are proud of your work, and you should be, but your way isn't the only way.

>
> --
> Jonathan


