On Fri, 2 Jan 2009 15:49:24 -0500 Deepak Jain <deepak@ai.net> wrote:
Of course, this will just make the browsers pop up dialog boxes which everyone will click OK on...
And brings us to an even more interesting question, since everything is trusting their in-browser root CAs and such. How trustable is the auto-update process? If one does provoke a mass-revocation of certificates and everyone needs to update their browsers... how do the auto-update daemons *know* that what they are getting is the real deal?
[I haven't looked into this, just bringing it up. I'm almost certain its less secure than the joke that is SSL certification].
If done properly, that's actually an easier task: you build the update key into the browser. When it pulls in an update, it verifies that it was signed with the proper key. --Steve Bellovin, http://www.cs.columbia.edu/~smb