I'm a bit puzzled by this "UKS" (Unknown Key Share) attack concept.
The attack scenario, presented in section 2 of https://www.ietf.org/id/draft-barnes-dane-uks-00.txt is that a user connects to the "attacker" site (say google.com) but actually google.com has published Facebook.com's public key and is a man-in-the-middle (MITM) forwarding all the traffic to facebook.com. Now this MITM can't actually read or modify any of the traffic, they are just a passive conduit. The most they can see is the timing of the traffic and the number of bytes involved. The user sees Facebook's site, secured with Facebook's key, even though they connected to google.com. (How or why the user was somehow convinced to connect to google.com while seeking facebook.com is unexplained.) So the threat is... uh... ? ... something about some cross-origin scripting firewall policy elsewhere in the system? Why do we care? John _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
