Nick Lockheart wrote:

First of all, all your concerns come from the fact that TLS involving intelligent intermediate entities of CAs, including root CAs, is against the E2E principle. That you depend on the CAs means you will be disturbed or controlled by the CAs.

> While this is not what I had in mind as a proposal, I think it would be good if browsers, as a starting point, simply had "security levels" with agreed upon icons, colors, and requirements that all browser vendors followed, and educated users on their meaning.

Security level? But, TLS does not offer security at all. The reality demonstrated by DigiNotar is that TLS blindly trusting untrustworthy CAs is only as secure as plain text communication over the Internet blindly trusting untrustworthy ISPs. Compromising a CA is as easy as compromising an ISP.

> I would add that SSH Clients also *remember* the server's fingerprint,
> thus, provided that you reach the real server the first time you
> connect, you will be warned by the SSH Client if the server fingerprint
> has changed.

That should be the best possible. TLS with unreliable/untrustworthy CAs should be thrown away.

It may be a good idea to make DH a mandated option of TLS.

Masataka Ohta