An OpenSSH-like warning when the certificate changes would be a welcome addition. The warning could depend on the exact change, with a bigger warning for CA change. Of course normal users would click through it but at least security savvy users could be protected and potentially raise an alert.

We have a student that surveyed this last year. He implemented something very similar of what you are talking about here. The paper published on SBSEG' 09 is here:

http://dl.dropbox.com/u/142722/Papers/sbseg09/wticgST2a3.pdf

Do you think this *gives* the user a chance to detect it, or do you think it actually will lead to a reduction in the problem?

Much has been written about user security indicators and without going crazy with references its a quick search through the literature to show that your idea probably/definitely won't work, because user visible security indicators just don't work this way.

Assume for the moment that there is a real interest in fixing this issue (there isn't, but I'll play along). Andy is right that it isn't going to do much good because, in essence, users don't care.

The fundamental problem with this security scheme is that it requires some action of the part of the consumer. But consumers aren't interested in the bother.

Imagine the following situation. You walk into your local bank but in order to withdraw any money you needed to do the following: interview the guard at the door to make sure he really worked for the bank, interviewed the teller to make sure he really worked for the bank, and then set at least 10% of the money you withdrew from the bank on fire so you could watch it burn and see if it was fake or not.

There is an old saying "trust but verify". The problem is that this is a contradiction in terms. Trust means precisely that I don't have to verify. If I have to verify every transaction to see if the money is good, that's not trust. If I have to spy on my wife all the time to see if she's cheating, that's not trust.

Asking the user to verify, when what the user wants to do is trust, is design failure that no amount of coding is going to fix.

been a number of ongoing

latest

In SSL We Trust? Not Lately
http://www.darkreading.com/blog/archives/2010/04/trust_in_ssl_st.html

recent comments:
http://www.garlic.com/~lynn/2010g.html#79

as to "trust but verify" ... old (financial cryptography) Audits VII post
http://www.garlic.com/~lynn/2009s.html#45
here:
http://financialcryptography.com/mt/archives/001131.html

mentioning relative spent decade at DTRA in treaty compliance and on-site inspection.

more recent dtra post
http://www.garlic.com/~lynn/2010b.html#47

yesterday new treaty was signed (still has to be ratified)

Client side certificate verification is all i have to say.

You should checkout the Monkeysphere project (http://web.monkeysphere.info), which aims to re-engineer this problem from a decentralized, and distributed trust model.