- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 11 Jul 2007 16:45:40 +0200
- To: Johnathan Nightingale <johnath@mozilla.com>
- Cc: Serge Egelman <egelman@cs.cmu.edu>, W3C WSC Public <public-wsc-wg@w3.org>
On 2007-07-09 15:47:55 -0400, Johnathan Nightingale wrote: > What would your recommendation be for SS certs? We toyed with > the idea of saying that an SS cert connection should be quietly > encrypted, but present no security indicators, since we have no > reason to trust it. The problem is that this enables the MitM > scenario nicely. A diligent user is careful never to visit her > bank except via her trusted https bookmark, or by typing in the > URL manually. If someone tried to DNS spoof with a straight http > connection, the attempt would fail, since the https connection > would fall on the floor. But if SS certs are quietly allowed > through, the attacker can spin a SS-cert for bankofamerica.com > and the connection would succeed (albeit without the usual > context indicators). This is the kind of thing that can't happen > with a cert issued by a trusted CA, even a $20 one. Isn't this a poster child use case for exploiting browser state? E.g., exploiting the knowledge that a certain domain in connection with HTTPS used to have a CA-based cert, and warning when that changes? -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 11 July 2007 14:50:08 UTC