Re: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]

Who exactly was that someone else supposed to be, for the home user?
I.e. my mom goes to some gardening forum, there's a self-signed cert
that has since changed. Who is supposed to be notified? It sounds like
this presupposes the existence of some service / infrastructure /
industry around sorting out cert problems (which are probably more
likely than an actual MITM attack). And so great, the user clicks
"Notify", and then what? They wait a week for a response? Or more
likely they just click through any errors because they want to know if
anyone has replied to their post about growing tea roses in Michigan?

I'm with Mez on this one, but I'm not sure I even support MAY.

On Jan 7, 2008 3:10 PM, Close, Tyler J. <tyler.close@hp.com> wrote:
>
> The text of ISSUE-160 includes the statement:
>
> "I'm still not buying the notification stuff. MAY at best."
>
> I understand there are other points bundled up in ISSUE-160, but I'ld like to get some more details on this particular point. Why exactly is offering notification a problem?
>
> I actually had a whole series of relevant experiences with the internal intranet at work this morning. Here's a story for ISSUE-160. I clicked a hyperlink to an intranet web service I use once in a while. It's certificate chain is rooted at one of the custom CAs used here. Normally, these custom CA certificates are auto-magically distributed to our desktops by the same software that does security updates. For some reason, this web service has changed certificate chains and is now using a CA cert that I don't yet have. I don't want to click through the cert warning to the service because that will reveal my username/password, which are kept in a cookie. So I can't find out who to complain to by looking at the hosted web pages. Wouldn't it be nice if the software which updates my browser's CA list could also configure a URL to be pinged when I encounter such a potential MITM attack. That way the dialog shown by the browser could offer me a nice button to click: "get someone else to deal with this problem". Instead, the button it offers me is "click here to ignore this MITM attack and turn over your password to some random computer on the intranet".
>
> --Tyler
>
> --
> [1] "Web Security Context: Experience, Indicators, and Trust"
>     <http://www.w3.org/2006/WSC/drafts/rec/#safebar-mitm>
>
> ________________________________
>
>         From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] On Behalf Of Mary Ellen Zurko
>         Sent: Friday, January 04, 2008 6:59 AM
>         To: public-wsc-wg@w3.org
>         Subject: Re: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]
>
>
>
>         ISSUE-160 makes the same basic proposal, perhaps for the same basic reasons, but I'm leaving both open and cross referenced, in case the resolutions of the underlying issues turn out to be different.
>
>         I agree that there should be only one place this is discussed. And from the logic of the document, it is in other places. If there is something in section 7 that should inform those other places, proposals for changes to those other places should be made. I'll give other folks a little more time on this issue to discuss, then do a straw poll of any concrete proposals on the table (so far there is one, to remove 7.9, but I'm certain there could be others that respond to the issues raised).
>
>         http://www.w3.org/2006/WSC/track/issues/127 <http://www.w3.org/2006/WSC/track/issues/127>
>         http://www.w3.org/2006/WSC/track/issues/160 <http://www.w3.org/2006/WSC/track/issues/160>
>
>                   Mez
>
>
>
>
>
>

Received on Monday, 7 January 2008 23:18:22 UTC