by k_sze 2506 days ago
My hypothesis is that users just need to have an in-your-face reminder that they are venturing into uncharted territory whenever an unseen domain and/or certificate comes up. The "X" in my "first X times" could be as low as 1.

You also don't need to show all cert metadata; just enough to be meaningful to the user. I believe that stuff like certificate signature, public key, and hash don't need to be shown to the user in such a modal dialog; they could be automatically checked against certificate transparency logs.

What you want to show to the user in such a modal is stuff like:

  - entity name
  - business registration jurisdiction
  - business registration number

That's the kind of info that the CA ought to validate diligently. That's also the kind of info that people use to validate the identity of businesses in the physical world.

The modal should also have clear wording in big letters of what a certificate actually means, namely, that the communication with the server is safe against eavesdropping and forgery, but that it's the user's responsibility to make sure the server is not an imposter - e.g. similar name or same name but registered in a different jurisdiction than the legitimate entity.

It's a lot about education, awareness, and timely reminders.

The alternative, which is to hide any indication of EV from the user, seems to be throwing up our hands and just assuming users are always dumb and lazy. In that case, why bother with, not just EV, but any certificate at all?
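
A sketch of the "first X times" reminder described in the comment above, as an added example that is not part of the original post or any browser's code. It assumes the certificate subject arrives in the shape returned by Python's `ssl.getpeercert()`; the `FirstSeenReminder` class, its method names and the sample data are hypothetical.

```python
import hashlib

# Subject attributes to surface, keyed by the names Python's ssl.getpeercert()
# uses with a recent OpenSSL (assumption), mapped to the comment's labels.
SHOWN = {
    "organizationName": "entity name",
    "jurisdictionCountryName": "business registration jurisdiction",
    "serialNumber": "business registration number",
}

def identity_fields(peercert):
    """Pull the three identity fields out of a getpeercert()-style dict."""
    found = {}
    for rdn in peercert.get("subject", ()):
        for name, value in rdn:
            if name in SHOWN:
                found[SHOWN[name]] = value
    return found

class FirstSeenReminder:
    """Hypothetical helper: decide whether the modal is due for this visit."""

    def __init__(self, times=1):
        self.times = times          # the "X" in "first X times"
        self.seen = {}              # (domain, cert fingerprint) -> visit count

    def check(self, domain, cert_der, peercert):
        key = (domain.lower(), hashlib.sha256(cert_der).hexdigest())
        visits = self.seen.get(key, 0)
        self.seen[key] = visits + 1
        if visits >= self.times:
            return None             # pair already shown X times, stay quiet
        fields = identity_fields(peercert)
        # A missing field is itself worth showing: the CA asserted nothing here.
        missing = [label for label in SHOWN.values() if label not in fields]
        return {"domain": domain.lower(), "fields": fields, "missing": missing}

# Constructed sample data (not real certificates); the byte strings stand in
# for the DER encoding that would be hashed in practice.
CERT_A_DER = b"constructed-der-bytes-A"
CERT_A = {"subject": ((("jurisdictionCountryName", "US"),),
                      (("serialNumber", "0000000"),),
                      (("organizationName", "Example Corp"),),
                      (("commonName", "shop.example"),))}
CERT_B_DER = b"constructed-der-bytes-B"
CERT_B = {"subject": ((("commonName", "shop.example"),),)}
```

Keying the store on the (domain, fingerprint) pair means a known domain that starts presenting a different certificate triggers the reminder again, which covers the "unseen domain and/or certificate" case.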