W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: ACTION-240 :TLS errors...

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Wed, 11 Jul 2007 21:09:33 -0400
Message-ID: <46957F4D.1@cs.cmu.edu>
To: Johnathan Nightingale <johnath@mozilla.com>, Serge Egelman <egelman@cs.cmu.edu>, W3C WSC Public <public-wsc-wg@w3.org>

Sure, that's a valid point.  However, your fatal error is assuming that 
a user is going to read the details of the cert.  Hell, if I do not 
receive a warning related to a certificate, I'm not going to waste time 
inspecting the details.  Do you?

Currently, most browsers warn about SSCs.  If I'm an attacker and want 
to use a certificate on my site, I'm going to get a cheap CA-issued one 
to avoid that warning.  I'd rather get it for 
bankofamerica.phishingsite.com than roll my own for bankofamerica.com 
because I can be reasonably assured that none of my targets will 
actually examine the name on it if they don't see a warning message.


Thomas Roessler wrote:
> On 2007-07-09 15:47:55 -0400, Johnathan Nightingale wrote:
>> What would your recommendation be for SS certs?  We toyed with
>> the idea of saying that an SS cert connection should be quietly
>> encrypted, but present no security indicators, since we have no
>> reason to trust it.  The problem is that this enables the MitM
>> scenario nicely.  A diligent user is careful never to visit her
>> bank except via her trusted https bookmark, or by typing in the
>> URL manually.  If someone tried to DNS spoof with a straight http
>> connection, the attempt would fail, since the https connection
>> would fall on the floor.  But if SS certs are quietly allowed
>> through, the attacker can spin a SS-cert for bankofamerica.com
>> and the connection would succeed (albeit without the usual
>> context indicators).  This is the kind of thing that can't happen
>> with a cert issued by a trusted CA, even a $20 one.
> Isn't this a poster child use case for exploiting browser state?
> E.g., exploiting the knowledge that a certain domain in connection
> with HTTPS used to have a CA-based cert, and warning when that
> changes?

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
Received on Thursday, 12 July 2007 01:11:29 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:17 UTC