RE: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]

• From: Close, Tyler J. <tyler.close@hp.com>
• Date: Mon, 7 Jan 2008 23:10:03 +0000
• To: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>, "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
• Message-ID: <C7B67062D31B9E459128006BAAD0DC3D14554D66@G6W0269.americas.hpqcorp.net>

The text of ISSUE-160 includes the statement:

"I'm still not buying the notification stuff. MAY at best."

I understand there are other points bundled up in ISSUE-160, but I'ld like to get some more details on this particular point. Why exactly is offering notification a problem?

I actually had a whole series of relevant experiences with the internal intranet at work this morning. Here's a story for ISSUE-160. I clicked a hyperlink to an intranet web service I use once in a while. It's certificate chain is rooted at one of the custom CAs used here. Normally, these custom CA certificates are auto-magically distributed to our desktops by the same software that does security updates. For some reason, this web service has changed certificate chains and is now using a CA cert that I don't yet have. I don't want to click through the cert warning to the service because that will reveal my username/password, which are kept in a cookie. So I can't find out who to complain to by looking at the hosted web pages. Wouldn't it be nice if the software which updates my browser's CA list could also configure a URL to be pinged when I encounter such a potential MITM attack. That way the dialog shown by the browser could offer me a nice button to click: "get someone else to deal with this problem". Instead, the button it offers me is "click here to ignore this MITM attack and turn over your password to some random computer on the intranet".

--Tyler

--
[1] "Web Security Context: Experience, Indicators, and Trust"
    <http://www.w3.org/2006/WSC/drafts/rec/#safebar-mitm>

________________________________

        From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
        Sent: Friday, January 04, 2008 6:59 AM
        To: public-wsc-wg@w3.org
        Subject: Re: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]



        ISSUE-160 makes the same basic proposal, perhaps for the same basic reasons, but I'm leaving both open and cross referenced, in case the resolutions of the underlying issues turn out to be different.

        I agree that there should be only one place this is discussed. And from the logic of the document, it is in other places. If there is something in section 7 that should inform those other places, proposals for changes to those other places should be made. I'll give other folks a little more time on this issue to discuss, then do a straw poll of any concrete proposals on the table (so far there is one, to remove 7.9, but I'm certain there could be others that respond to the issues raised).

        http://www.w3.org/2006/WSC/track/issues/127 <http://www.w3.org/2006/WSC/track/issues/127>
        http://www.w3.org/2006/WSC/track/issues/160 <http://www.w3.org/2006/WSC/track/issues/160>

                  Mez

Received on Monday, 7 January 2008 23:11:00 UTC