W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: ACTION-240 :TLS errors...

From: Thomas Roessler <tlr@w3.org>
Date: Wed, 11 Jul 2007 16:45:40 +0200
To: Johnathan Nightingale <johnath@mozilla.com>
Cc: Serge Egelman <egelman@cs.cmu.edu>, W3C WSC Public <public-wsc-wg@w3.org>
Message-ID: <20070711144540.GU31669@raktajino.does-not-exist.org>

On 2007-07-09 15:47:55 -0400, Johnathan Nightingale wrote:

> What would your recommendation be for SS certs?  We toyed with
> the idea of saying that an SS cert connection should be quietly
> encrypted, but present no security indicators, since we have no
> reason to trust it.  The problem is that this enables the MitM
> scenario nicely.  A diligent user is careful never to visit her
> bank except via her trusted https bookmark, or by typing in the
> URL manually.  If someone tried to DNS spoof with a straight http
> connection, the attempt would fail, since the https connection
> would fall on the floor.  But if SS certs are quietly allowed
> through, the attacker can spin a SS-cert for bankofamerica.com
> and the connection would succeed (albeit without the usual
> context indicators).  This is the kind of thing that can't happen
> with a cert issued by a trusted CA, even a $20 one.

Isn't this a poster child use case for exploiting browser state?
E.g., exploiting the knowledge that a certain domain in connection
with HTTPS used to have a CA-based cert, and warning when that
changes?

-- 
Thomas Roessler, W3C  <tlr@w3.org>
Received on Wednesday, 11 July 2007 14:50:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2008 03:52:49 GMT