Re: [tor-bugs] #13607 [TorBirdy]: TorBirdy should have an option to distrust all certificate authorities
#13607: TorBirdy should have an option to distrust all certificate authorities
-----------------------------+---------------------
Reporter: sajolida | Owner: ioerror
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBirdy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+---------------------
Comment (by sajolida):
Note that I'm not suggesting to make this the default option, but have it
opt-in. You already have other options like this, I think.

Regarding TOFU and usability, I can think of similar processes in other
software that work pretty well:

- In OTR you do TOFU without even noticing it. Then you have the option to
further identify people if you wish (and you are recommended to do so).
- In Claws Mail in Tails, there's currently no CA verification and people
have to do TOFU and are prompted with the fingerprint of the server they
connect to and are proposed to trust it for future uses. I know that Claws
is not very fancy and has many UX issues, but I don't remember people
complaining about this particular step.

So TOFU can work without having to lead people through scary warnings and
exceptions like Firefox does, because the certificate scenario in the case
of email is very different, as I explained earlier. It resembles more the
scenario of OTR than the scenario of browsing a random HTTPS website
because it's a long-term usage with a single entity.

On top of such a simplistic TOFU mechanism, in the case of TorBirdy it would
actually be possible to do a first sanity check of the certificate against
its CA before proposing the TOFU. Right now you are doing "trust on each
use" by verifying the same certificate from scratch each time through any
available CA. I think that trusting it only once would definitely be
better.

So we could reuse that information in the UX as well, and say something
like: "Hey, this certificate is new. Do you want to store it and trust it
permanently from now on? Note that we managed to verify it successfully
against its CA NameOfTheCA so everything looks good."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13607#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
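
The flow proposed in the comment above (CA sanity check on first contact, then trust only the stored certificate), as an added Python example that is not part of the original message or of TorBirdy's code. The `PinStore` class, its method names, the JSON store format and the `ca_name` argument are assumptions; chain validation is assumed to be done by the TLS library before `check` is called.

```python
import hashlib
import hmac
import json
import os


class PinStore:
    """TOFU pin store: maps "host:port" to the SHA-256 of the server certificate."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.pins = json.load(fh)

    @staticmethod
    def fingerprint(der_cert):
        return hashlib.sha256(der_cert).hexdigest()

    def check(self, host, port, der_cert, ca_name=None):
        """Return (decision, message) for a presented certificate.

        ca_name (assumption): issuing CA if ordinary chain validation
        succeeded, None if it failed. It only matters on first contact.
        """
        key = f"{host}:{port}"
        fp = self.fingerprint(der_cert)
        pinned = self.pins.get(key)
        if pinned is None:
            sanity = (f"It was verified against its CA {ca_name}." if ca_name
                      else "It could not be verified against any CA.")
            return "prompt", f"New certificate for {key}: {fp}. {sanity}"
        if hmac.compare_digest(pinned, fp):
            return "accept", f"Certificate for {key} matches the stored pin."
        # A changed certificate is refused even when a CA vouches for it.
        return "reject", f"Certificate for {key} changed: expected {pinned}, got {fp}."

    def trust(self, host, port, der_cert):
        """Persist the pin after the user answered yes to the prompt."""
        self.pins[f"{host}:{port}"] = self.fingerprint(der_cert)
        tmp = self.path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.pins, fh, indent=2)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate the store
```

Once a pin exists, `check` ignores `ca_name` entirely, which is the difference between "trust once" and the "trust on each use" behaviour the comment describes.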