
Re: user overrides


On Sat, 5 Apr 1997, Carl Ellison wrote:
> At 04:36 PM 4/5/97 -0500, Marc Branchaud wrote:
> >Subject: Re: Certificate Cancellation Notices (CCN) 
> >A verification engine could present the user with a message like "Unable
> >to validate this cert online, but the last time you validated it was on
> >YYYY/MM/DD_HH:MM:SS and the result was X."  The user could then decide if
> >he should accept/reject the cert anyway or wait until he can get online
> >again.
> That's an interesting suggestion, Marc.  For things like FTP proxies, there's 
> no user and no chance for this, but for applications with a user interface, 
> this is probably exactly what the user would want. ...it's like letting the 
> user who is driving the application (e-mail, browser, ...) manually extend a 
> cert's validity interval and therefore act like a super-issuer.
> Of course, this brings up a chronic sore point of authentication:  that the 
> end user almost never wants it.  Authentication either lets work proceed or 
> stops it.  So, if you can turn off the security checks, you get more work 
> done, fewer hassles, ....  Which will a user do -- turn security on or off?
> I wonder if our NSA list members could tell horror stories of such user 
> behavior when it really matters, as opposed to just with Internet e-mail....

To me, the issue is online vs. offline operation.  If the validation
engine can't get an answer (because it's offline) it should tell the user
the result of the previous validation, if any, and let the user decide.
This is not the same as letting the user override the checks -- they still
happen every time.  It's only when an answer can't be obtained that the
user should be given the option to proceed.

< mount /dev/soapbox >
Deep down, I feel that an Internet protocol should have an online
orientation, and that offline capabilities should be exceptional, not the
rule.  I find it difficult to think of any services that wouldn't have
some kind of immediate Internet access (aside from reading email on an
airplane).  Sure, the NSA & their ilk might have some special needs, but
the SPKI is for the Internet (which is not the entire world, yet) and it
should operate in a way that is best for the Net.
< umount /dev/soapbox >

Sigh.  Wish I could see y'all in Memphis...


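
The online/offline distinction drawn in the message above, as an added example that is not part of the original post or of any SPKI code: the online check is attempted on every call, an answer that is obtained is never overridable, and the user is consulted only when no answer can be obtained. The names Validator, check_online and ask_user are hypothetical, and rejecting when no user is present (the FTP proxy case) is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime
from enum import Enum

class Decision(Enum):
    ACCEPT = "accept"
    REJECT = "reject"

class OnlineUnavailable(Exception):
    """Raised by check_online when no answer can be obtained."""

@dataclass
class LastResult:
    when: datetime
    valid: bool

class Validator:
    def __init__(self, check_online, ask_user=None):
        self.check_online = check_online  # cert_id -> bool, or raises OnlineUnavailable
        self.ask_user = ask_user          # message -> bool; None for unattended services
        self.history = {}                 # cert_id -> LastResult of the last online answer

    def validate(self, cert_id, now):
        try:
            valid = self.check_online(cert_id)  # the check still happens every time
        except OnlineUnavailable:
            return self._no_answer(cert_id)
        self.history[cert_id] = LastResult(now, valid)
        # An answer was obtained, so the user gets no option to override it.
        return Decision.ACCEPT if valid else Decision.REJECT

    def _no_answer(self, cert_id):
        if self.ask_user is None:
            return Decision.REJECT  # assumption: no user to ask, so fail closed
        last = self.history.get(cert_id)
        if last is None:
            msg = ("Unable to validate this cert online, and it has never "
                   "been validated before.")
        else:
            result = "valid" if last.valid else "invalid"
            msg = ("Unable to validate this cert online, but the last time "
                   f"you validated it was on {last.when:%Y/%m/%d_%H:%M:%S} "
                   f"and the result was {result}.")
        return Decision.ACCEPT if self.ask_user(msg) else Decision.REJECT
```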