Hi Francisco,
On Mon, Jul 25, 2011 at 4:50 PM, Francisco Corella <fcorella@pomcor.com> wrote:
>
> <snip>
>
> > Though I wonder how different this
> > is from a cookie or HTML5 browser data storage?
>
> It's functionally equivalent to a cookie or HTML5 browser data storage
> (or Flash data storage), but more secure. A cookie is a shared
> secret, you have to send it to the relying party. If you send it over
> a TLS connection and nothing goes wrong, that's OK. But if something
> goes wrong due, e.g., to a vulnerability, and an attacker gets the
> cookie, then the attacker can impersonate. By contrast, the private
> key associated with a certificate stays in the browser. Sure, the
> browser could be compromised, but that's less likely. Another way to
> put it: the attack surface against a cookie includes browser, server,
> and transmission, whereas the attack surface against a private key
> includes the browser only.
>
Cookies used in HTTPS should be set as secure cookies so that the browser
does not send them unencrypted, thus avoiding HTTPS cookie hijacking. There
were some exploits circulating in the past, but most applications have been
fixed by now. So out of the three types of attacks, the transmission one is
easy to avoid. Server: if a server is compromised, it is already game over
(never mind cookies). The last one is the browser (less likely), where
cookies + public keys could be stolen.
Steph.
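The Secure flag Steph refers to is the thing that takes "transmission" out of the attack surface for a cookie: a browser never attaches a Secure cookie to a plain http:// request, so a network attacker who can force or observe a cleartext request to the same host gets nothing. The following is an added illustration, not code from this thread or from either correspondent. It builds a hardened Set-Cookie header with Python's standard http.cookies module, audits Set-Cookie headers for the missing flags, and models that one browser rule in a toy cookie jar. The host name bank.example and the cookie values are constructed for the example; the jar is a simplification (real browsers also treat localhost as a secure context, honour Domain and Path matching, and enforce the __Secure- and __Host- name prefixes), but the Secure check itself is the rule browsers apply.

```python
"""Secure cookies: why the flag closes the plaintext-transmission hole.

Added illustration for the thread above, not code from it. Shows a hardened
Set-Cookie builder, an audit of existing Set-Cookie values, and a toy cookie
jar that applies the one browser rule that matters here: a cookie marked
Secure is never sent on a plain-http request. Host names and values are
constructed sample data.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def build_session_cookie(name, value, max_age=3600):
    """Return a Set-Cookie header value with Secure, HttpOnly and SameSite set."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["secure"] = True      # only ever sent over TLS
    morsel["httponly"] = True    # not readable by page scripts (document.cookie)
    morsel["samesite"] = "Lax"   # not attached to cross-site POSTs
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    return morsel.OutputString()


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value|True})."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value):
    """List the hardening attributes missing from a Set-Cookie value."""
    _, _, attrs = parse_set_cookie(header_value)
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: sent in the clear over http://")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: readable by injected script")
    if str(attrs.get("samesite", "")).lower() not in ("lax", "strict"):
        problems.append("missing or weak SameSite")
    return problems


class MiniCookieJar:
    """Toy browser cookie jar: stores cookies per host, applies the Secure rule."""

    def __init__(self):
        self._cookies = {}   # host -> {name: (value, secure_flag)}

    def store(self, host, set_cookie_value):
        """Record a cookie the server set for this host."""
        name, value, attrs = parse_set_cookie(set_cookie_value)
        self._cookies.setdefault(host, {})[name] = (value, "secure" in attrs)

    def cookie_header(self, url):
        """Build the Cookie request header a browser would send to this URL."""
        target = urlsplit(url)
        over_tls = target.scheme == "https"
        pairs = []
        for name, (value, secure) in self._cookies.get(target.hostname, {}).items():
            if secure and not over_tls:
                continue   # the browser refuses to leak a Secure cookie on plaintext
            pairs.append(f"{name}={value}")
        return "; ".join(pairs)


if __name__ == "__main__":
    hardened = build_session_cookie("sid", "abc123")
    print("hardened:", hardened, "->", audit_set_cookie(hardened) or "ok")
    print("legacy:  ", audit_set_cookie("legacy=old; Path=/"))
    jar = MiniCookieJar()
    jar.store("bank.example", "legacy=old; Path=/")
    jar.store("bank.example", hardened)
    print("https request sends:", jar.cookie_header("https://bank.example/account"))
    print("http request sends: ", jar.cookie_header("http://bank.example/logo.png"))
```

Run it and the http:// request carries only the legacy cookie; the Secure session cookie stays in the jar, which is exactly the hijacking case the flag was introduced to close. The audit function is the check to run over a real application's Set-Cookie headers (for instance from a proxy log): a session cookie that comes back with any problem listed is still exposed on the transmission leg, whatever the rest of the deployment looks like.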