[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
user overrides
At 04:36 PM 4/5/97 -0500, Marc Branchaud wrote:
>Subject: Re: Certificate Cancellation Notices (CCN)
>A verification engine could present the user with a message like "Unable
>to validate this cert online, but the last time you validated it was on
>YYYY/MM/DD_HH:MM:SS and the result was X." The user could then decide if
>he should accept/reject the cert anyway or wait until he can get online
>again.
That's an interesting suggestion, Marc. For things like FTP proxies, there's
no user and no chance for this, but for applications with a user interface,
this is probably exactly what the user would want. ...it's like letting the
user who is driving the application (e-mail, browser, ...) manually extend a
cert's validity interval and therefore act like a super-issuer.
Of course, this brings up a chronic sore point of authentication: that the
end user almost never wants it. Authentication either lets work proceed or
stops it. So, if you can turn off the security checks, you get more work
done, fewer hassles, .... Which will a user do -- turn security on or off?
I wonder if our NSA list members could tell horror stories of such user
behavior when it really matters, as opposed to just with Internet e-mail....
- Carl
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
Follow-Ups:
References: