- From: Yoav Nir <synp71@live.com>
- Date: Tue, 26 Nov 2013 23:40:36 +0200
- To: Martin Thomson <martin.thomson@gmail.com>, Adrien de Croy <adrien@qbik.com>
- CC: HTTP Group <ietf-http-wg@w3.org>
- Message-ID: <BLU0-SMTP21165B105D4DF91EFD790B1B1EC0@phx.gbl>

On 26/11/13 11:10 PM, Martin Thomson wrote:
> On 26 November 2013 12:11, Adrien de Croy <adrien@qbik.com> wrote:
>> Chrome has the "incognito" frame. You could use a different browser frame.
> So rather than the masked man (or the fancy masquerade sham in
> Firefox), you would have what, this:
> http://ts2.mm.bing.net/th?id=H.4858996483622041&pid=1.7?
> Or this: http://cyclestuff.files.wordpress.com/2012/11/eye-of-sauron.jpg

Or maybe this: http://www.calwatchdog.com/wp-content/uploads/2011/07/big-brother-is-watching-you4.jpg

But it is worth considering what a UI tells the user. Certificate errors were notoriously ineffective, and part of this is because the message had to be ambiguous, like "this site is not certified by a trusted root. So, 9 times out of 10 this is just a harmless misconfiguration, or they're too cheap to buy a real certificate, but every once in a while it's really an attack."

For this we have the luxury of being able to be unambiguous: "The network has an HTTPS monitor called sslproxy.example.com that will decrypt all HTTPS traffic. Any passwords, credit card numbers and personal information will be visible to this proxy. Click <a href="https://sslproxy.example.com/.well-known/proxy-terms-of-use.html">here</a> to learn more about this proxy."

It's tempting to add a "Trust this proxy" button there, or Firefox's "I understand the risks" (no, you don't). But I guess training users to click this button is bad practice. Better to give them instructions about how to configure their particular browser to trust this proxy through menus or about:config.

But regardless, a visual indication of the existence of the proxy is a benefit that we're missing with the MitM we have today. We could have warnings before typing in password fields or fields marked as credit card number.

Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 26 November 2013 21:41:08 UTC