[145416] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI
daemon@ATHENA.MIT.EDU (Paul Tiemann)
Tue Jul 27 20:10:27 2010
From: Paul Tiemann <paul.tiemann.usenet@gmail.com>
In-Reply-To: <20100727220118.GM566@oracle.com>
Date: Tue, 27 Jul 2010 18:07:02 -0600
Cc: cryptography@metzdowd.com
To: Nicolas Williams <Nicolas.Williams@oracle.com>
>> Haven't we already decided what to do: SNI?
>
> But isn't that the problem, that "SNI had to be added therefore it isn't
> everywhere therefore site operators don't trust its presence therefore
> SNI is irrelevant"?
It appears Apache supports SNI as of 2.2.12 which was released 12 months ago.
> Do we have any information as to which browsers in significant current
> use don't support SNI? Hopefully at some point site operators could
> declare that browsers that don't support SNI will not be supported.
The worst of the show stoppers is IE on Windows XP. No SNI support.
IE6 is still at 7.2% as of June 2010. It was 14.4% in June 2009.
http://www.w3schools.com/browsers/browsers_stats.asp
... is it possible to help IE6 and other non-SNI browsers to die faster?
Perry suggested reading Orwell's essay, "Politics and the English
Language." Think about Orwell's opening sentence:
"Most people who bother with the matter at all would admit that the
English language is in a bad way, but it is generally assumed that we
cannot by conscious action do anything about it."
Now replace "the English language" with "PKI"
Then...
"There is a long list of flyblown metaphors which could similarly be got
rid of if enough people would interest themselves in the job; and it
should also be possible to laugh the not un- formation out of
existence*...
*One can cure oneself of the not un- formation by memorizing this
sentence: A not unblack dog was chasing a not unsmall rabbit across a
not ungreen field.
So...
There is a long list of outdated browsers which could be got rid of if
enough people would interest themselves in the job.
One fast way to pressure technological change is for the world to move
on to better things and leave the legacy stuff behind. Who uses
Netscape 4 or IE 5 any more? Those were left behind because everyone in
web design wanted CSS support and just started using CSS. The web
design field desperately wants to be throwing IE6-is-dead parties.
Could some intelligent web designers come up with a few snippets of code
in the various web flavors (PHP, ASP, JSP, etc) for people to easily
install and include on their sites (as part of a movement to discourage
old browser usage and encourage better security on the web...) If an
old browser is detected, a friendly warning message or even an error
message appears, along with links to the site explaining the movement...
Of course it would only be grassroots, but I've heard enough rumbling
on web designer blogs to think that someone might just take up a cause
like that. The security community could encourage it maybe? Put a
Paypal button on there. I know a lot of people who would donate money.
Looks like at least one site is out there: http://ie6update.com/ but has
no Paypal donate button, and doesn't offer newcomers the reasons they
should switch to something more modern.
Maybe this is too utopian. But laughing does work, sometimes.
Paul Tiemann
(DigiCert)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com