- From: Johnathan Nightingale <johnath@mozilla.com>
- Date: Wed, 18 Jul 2007 09:58:24 -0400
- To: Serge Egelman <egelman@cs.cmu.edu>
- Cc: W3C WSC Public <public-wsc-wg@w3.org>
On 18-Jul-07, at 9:48 AM, Serge Egelman wrote:

> Well, you said that this "is the poster child for exploiting browser
> state." For it to be a serious threat that warrants consideration, you
> must assume that most users read certificate data (regardless of whether
> the browser is actually throwing a warning). If we can assume that most
> users do *not* read this information, then there's a plethora of much
> easier/likelier attacks.
>
> That is, it's a waste of time worrying about how a burglar might pick
> your fancy new lock when you regularly leave all the windows open.

Serge, I might be wrong here, but I think you are talking past each other because I think you are misunderstanding Thomas' use of the word "exploiting". His original quote, in response to the discussion about using a self-signed cert to facilitate a man-in-the-middle attack, was:

> Isn't this a poster child use case for exploiting browser state?
> E.g., exploiting the knowledge that a certain domain in connection
> with HTTPS used to have a CA-based cert, and warning when that
> changes?

By which I believe he meant: "This nicely illustrates why it would be useful for browsers to maintain state about prior SSL connections so that, in the event - however unlikely - that you visit a site which used to have a CA-signed cert, but which now instead presents a self-signed one, the browser can make all manner of noise/aggressive blockage, since that scenario is magnificently unlikely for any legitimate bank, webstore, etc."

I think he meant "exploiting browser state" as "leveraging browser state to do good things for users", not "attacking browser state, here's a new threat for us to consider."

As I say, maybe I'm wrong, and you're reacting to the idea as I (re-)expressed it, but one of us is being tripped up by email-fail, because I'm having trouble following your arguments against (what I understand to be) his point.

Cheers,

Johnathan

---
Johnathan Nightingale
Human Shield
johnath@mozilla.com
Received on Wednesday, 18 July 2007 13:58:38 UTC
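The per-host certificate memory that Thomas proposes (as Johnathan reads it), written out as an added Python sketch that is not part of this thread or of any browser's code: the browser remembers whether a host has ever presented a CA-signed certificate, and a later switch to a self-signed one is flagged as a "downgrade" that deserves aggressive blocking rather than an ordinary warning. The `CertObservation` record and all host names and fingerprints are constructed for the example; self-signed is approximated as issuer equal to subject.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class CertObservation:
    """Minimal view of a certificate seen on an HTTPS connection (constructed)."""
    subject: str
    issuer: str
    fingerprint: str  # hash of the DER certificate; any stable identifier works

    @property
    def self_signed(self) -> bool:
        # A self-signed certificate names itself as its own issuer.
        return self.subject == self.issuer


@dataclass
class HostState:
    last: CertObservation
    seen_ca_signed: bool  # sticky: once a host had a CA cert, remember it


class BrowserCertMemory:
    """Remembers prior certificate observations per host and classifies changes."""

    def __init__(self) -> None:
        self._hosts: Dict[str, HostState] = {}

    def observe(self, host: str, cert: CertObservation) -> str:
        state = self._hosts.get(host)
        if state is None:
            self._hosts[host] = HostState(cert, not cert.self_signed)
            return "first-seen"  # no history yet; ordinary browser behaviour applies
        verdict = "unchanged"
        if cert.fingerprint != state.last.fingerprint:
            # The case the thread discusses: a host that used to have a CA-signed
            # cert now presents a self-signed one. Legitimate sites almost never
            # do this, so the UI should block loudly rather than merely warn.
            if state.seen_ca_signed and cert.self_signed:
                verdict = "downgrade"
            else:
                verdict = "rotated"  # routine renewal or CA change
        state.last = cert
        state.seen_ca_signed = state.seen_ca_signed or not cert.self_signed
        return verdict


def demo() -> List[str]:
    """Replays a constructed history for one host and returns the verdicts."""
    memory = BrowserCertMemory()
    ca_cert = CertObservation("CN=bank.example", "CN=Example CA", "aa11")
    self_cert = CertObservation("CN=bank.example", "CN=bank.example", "bb22")
    renewed = CertObservation("CN=bank.example", "CN=Example CA", "cc33")
    return [memory.observe("bank.example", c) for c in (ca_cert, ca_cert, self_cert, renewed)]
```

A host that has only ever presented self-signed certificates never produces a "downgrade", so the rule adds no new warnings for self-hosted services; it only fires on the transition the thread describes.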