-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steven M. Bellovin
Sent: 03 May 2008 00:51
To: Arcane Jill
Cc: cryptography@metzdowd.com
Subject: Re: SSL and Malicious Hardware/Software

> > I can't think of a great way of alerting the user,
> I would be alerted immediately, because I'm using the Petname Tool
> Firefox plugin.
> For an unproxied site, I get a small green window with my own choice
> of text in it (e.g. "Gmail" if I'm visiting https://mail.google.com).
> If a proxy were to insert itself in the middle, that window would turn
> yellow, and the message would change to "(untrusted)".
Assorted user studies suggest that most users do not notice the color
of random little windows in their browsers...

The point is that the plugin does not trust the browser's list of installed CAs. The only thing it trusts is the fingerprint of the certificate. If the fingerprint is one that you, personally, (not your browser), have approved in the past, then the plugin is green. If not, the plugin is yellow.

Without this plugin, identifying proxies is hard, because the proxy certificate will likely be installed in your browser, so it will just automatically pass the usual SSL checks, and will appear to you as an authenticated site. If you have an expectation that your web traffic will not be eavesdropped en route, then the sudden appearance of a proxy can flout that expectation.

On the other hand, a system which checks /only/ that the certificate fingerprint is what you expect it to be does not suffer from the same disadvantage. This is a technical difference. There's more to it than just the color of the warning sign! (...though I do concede, a Red Alert siren would probably get more attention :-) ).

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to