Fixing user experience for self-signed certs

L. David Baron dbaron at dbaron.org
Mon Jan 10 20:23:42 CST 2011


On Monday 2011-01-10 13:19 -0600, Matt Mackall wrote:
> Assuming that all binary distributors integrate some form of CA cert
> database (this is both generally a good thing, and happening rapidly),
> we need to fix our story for self-signed certificates.
> 
> Possibilities include:

> b) extend configuration so that exceptions can be painlessly added

In addition to the model (which I think you're proposing) of having
an exception for a particular site and allowing any key for a site
on the exception list, it might be worth considering the model of
associating exceptions with key fingerprints.

Fetchmail (see 'man fetchmail') allows use of this model or the
standard CA model (or both or neither).  In fetchmail, each mail
server configuration can (a) require checking the certificate
against the list of root CAs using options 'sslcertck' and
optionally 'sslcertpath' and/or (b) require checking the fingerprint
(MD5 hash) of the server's certificate using the 'sslfingerprint'
option.

I suspect at least some of the "add an exception" user interfaces
also work in terms of site-key pairs rather than just adding sites
(or, ugh, just adding keys).

(I don't know how much security an MD5 hash of the key actually
provides, though.)

-David

-- 
L. David Baron                                 http://dbaron.org/
Mozilla Corporation                       http://www.mozilla.com/
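An added example, not code from this thread, from Mercurial or from fetchmail: a small Python checker that implements the two models David contrasts side by side. A per-host exception accepts whatever key the host presents; a fingerprint pin (in the spirit of fetchmail's sslfingerprint) accepts only a specific certificate. The pins default to SHA-256 here but md5 and sha1 pins are still parsed, so a fingerprint copied from a fetchmail config still works. The host names, the pin table and the stand-in certificate bytes are constructed for the example; fetch_peer_cert() is a hypothetical helper built on the standard ssl module for recording a real fingerprint on first contact.

```python
# Added example: fingerprint pinning next to per-host exceptions.
# Not code from the Mercurial project or from fetchmail.
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate.  The checker only ever
# hashes these bytes, so a placeholder exercises the same code path a real
# certificate would; use fetch_peer_cert() to obtain a genuine one.
FAKE_DER = bytes(range(256)) * 4

# Bare hex pins with no algorithm prefix (fetchmail style) are classified by
# digest length.
_HEXLEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def fingerprint(der_cert, algo="sha256"):
    """Return 'algo:aa:bb:...' for the DER bytes of a certificate."""
    digest = hashlib.new(algo, der_cert).hexdigest()
    octets = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return algo + ":" + octets


def parse_pin(pin):
    """Return (algo, hexdigest) from 'sha256:AA:BB:...' or bare 'aabb...' forms.

    Colons are optional and case is ignored; junk raises ValueError so a typo
    in a config file fails loudly instead of silently never matching."""
    text = pin.strip().lower()
    algo, sep, rest = text.partition(":")
    if sep and algo in hashlib.algorithms_available:
        hexpart = rest.replace(":", "")
    else:
        hexpart = text.replace(":", "")
        if len(hexpart) not in _HEXLEN_TO_ALGO:
            raise ValueError("cannot infer hash algorithm for pin %r" % pin)
        algo = _HEXLEN_TO_ALGO[len(hexpart)]
    int(hexpart, 16)  # raises ValueError on non-hex characters
    return algo, hexpart


def pin_matches(der_cert, pin):
    """True if the certificate's digest under the pin's algorithm equals the pin."""
    algo, expected = parse_pin(pin)
    actual = hashlib.new(algo, der_cert).hexdigest()
    return hmac.compare_digest(actual, expected)


def check_pins(host, der_cert, pins):
    """Fingerprint model: only a listed key is accepted for the host."""
    return any(pin_matches(der_cert, p) for p in pins.get(host, ()))


def check_host_exception(host, exceptions):
    """Per-site model: any key presented for the host is accepted."""
    return host in exceptions


def trust_decision(host, der_cert, ca_ok, pins=None, exceptions=None):
    """Combine the models the way fetchmail lets you: CA check, pins, or both.

    ca_ok is the result of ordinary chain validation, supplied by the caller.
    Returns a short reason for the log; 'reject' means do not proceed."""
    pins = pins or {}
    exceptions = exceptions or set()
    if host in pins:
        # Design choice in this example: once a host is pinned, only the
        # pinned key is acceptable, even if a CA vouches for a different one.
        # A CA-signed certificate with an unexpected key is exactly the case
        # pinning exists to catch.
        return "pinned" if check_pins(host, der_cert, pins) else "reject"
    if ca_ok:
        return "ca-verified"
    if check_host_exception(host, exceptions):
        return "host-exception"  # weakest model: any key for this host
    return "reject"


def fetch_peer_cert(host, port=443, timeout=10):
    """Hypothetical helper: fetch the server's leaf certificate in DER form
    without validating it, e.g. to record a pin on first contact."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Constructed configuration: one pinned host, one host-wide exception.
    pins = {"hg.example.org": [fingerprint(FAKE_DER)]}
    exceptions = {"legacy.example.org"}
    print(fingerprint(FAKE_DER))
    print(fingerprint(FAKE_DER, "md5"))
    for host, cert, ca_ok in [("hg.example.org", FAKE_DER, False),
                              ("hg.example.org", FAKE_DER + b"\x00", True),
                              ("legacy.example.org", FAKE_DER, False)]:
        print(host, trust_decision(host, cert, ca_ok, pins, exceptions))
```

The point of the fingerprint model shows up in the second case above: the host is pinned, the presented certificate differs from the pin, and the checker rejects it even though the caller reports the CA chain as valid. A host-wide exception would have let any key through.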