Bill Soley writes:
(3) Netscape is making the problem worse (yes, worse) in the next release by allowing the user to specify their own list of trusted CAs. (I will elaborate on this unpopular view below.) [...] Re: problem 3, about how allowing the user to specify their own list of trusted CAs is bad. [...] it. Even Mary Moderately-Savvy might be tricked into doing it on the false assumption that it would only affect security for the naughty pictures site (that she may not care about), and not affect security for her stock-broker. This false assumption might be based on the fact that the (legitimate) stock-broker uses a different CA.
You seem to be overstating your point a bit. The real problem here, AFAICS, is that the proposed protocol in the software wouldn't allow sufficiently fine-grained control over the certification authority approval. The user should be able to specify the conditions under which a CA is to be trusted, not simply give a blanket approval or rejection. It looks as though a set of trusted (CA, site) pairs would suffice. How about it, Netscape? Give the user the opportunity to say "I trust certificates from Alfie's World of Key Certification regarding keys for interactions with Elvira's Copier Shack."

-Futplex <futplex@pseudonym.com>
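As an added worked example, not part of the thread and not Netscape's code, here is what Futplex's trust store of (CA, site) pairs looks like next to a flat list of trusted CAs. The CA names, hostnames and "certificate" records are constructed for the illustration (a certificate is reduced to the subject name and issuer name, which is all the decision needs); it shows that scoping Alfie's CA to the copier shack stops a certificate from that CA being accepted for the stock-broker, which a blanket trust entry would accept.

```python
"""Per-site CA trust: (CA, site) pairs instead of a blanket CA list.

Hypothetical illustration written for this page. Names and certificates are
constructed stand-ins, not real CAs, hosts or keys.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Certificate:
    """Constructed stand-in for an X.509 cert: only the names that matter here."""
    subject: str   # hostname (or '*.domain' wildcard) the certificate names
    issuer: str    # the CA that signed it


def host_matches(pattern: str, host: str) -> bool:
    """Exact, case-insensitive match, or a leftmost-label wildcard such as
    '*.example' that covers exactly one label (www.example yes, a.b.example no)."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


ANY_SITE = "*"   # blanket trust for every site: the policy the thread objects to


@dataclass
class TrustStore:
    """Maps a CA name to the hostname patterns that CA is trusted to certify."""
    rules: dict[str, set[str]] = field(default_factory=dict)

    def trust(self, ca: str, site: str = ANY_SITE) -> None:
        self.rules.setdefault(ca, set()).add(site)

    def is_trusted(self, cert: Certificate, requested_host: str) -> bool:
        # 1. the certificate must name the host the user is connecting to
        if not host_matches(cert.subject, requested_host):
            return False
        # 2. the issuing CA must be in the store at all
        patterns = self.rules.get(cert.issuer)
        if not patterns:
            return False
        # 3. and it must be trusted for *this* host, not merely for some host
        return any(p == ANY_SITE or host_matches(p, requested_host) for p in patterns)


# Constructed scenario from the thread: one dubious CA, one reputable one.
ALFIE = "Alfie's World of Key Certification"
BIG_CA = "Big Reputable CA"              # hypothetical CA the real broker uses
COPIER_SHACK = "elvira-copiers.example"  # hypothetical hostnames
BROKER = "broker.example"

real_broker_cert = Certificate(subject=BROKER, issuer=BIG_CA)
copier_cert = Certificate(subject=COPIER_SHACK, issuer=ALFIE)
# What someone holding Alfie's signing key could present when impersonating the broker:
forged_broker_cert = Certificate(subject=BROKER, issuer=ALFIE)


def blanket_store() -> TrustStore:
    """Flat list of trusted CAs: adding Alfie's trusts it for every site."""
    store = TrustStore()
    store.trust(BIG_CA)
    store.trust(ALFIE)
    return store


def scoped_store() -> TrustStore:
    """(CA, site) pairs: Alfie's is trusted only for the copier shack."""
    store = TrustStore()
    store.trust(BIG_CA, BROKER)
    store.trust(ALFIE, COPIER_SHACK)
    return store


def outcomes(store: TrustStore) -> dict[str, bool]:
    """Accept/reject decision for each certificate against the host it is presented for."""
    return {
        "real broker": store.is_trusted(real_broker_cert, BROKER),
        "copier shack": store.is_trusted(copier_cert, COPIER_SHACK),
        "forged broker": store.is_trusted(forged_broker_cert, BROKER),
    }


if __name__ == "__main__":
    for name, store in (("blanket", blanket_store()), ("scoped", scoped_store())):
        print(name, outcomes(store))
```

Step 3 in is_trusted is the whole difference between the two stores: the blanket store answers "is this CA trusted?", the scoped store answers "is this CA trusted for the host I am actually talking to?". A blanket entry is still expressible (ANY_SITE), so the scoped store is a strict superset of the flat list.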