Peter Kurrasch <[email protected]> writes:

>I think focusing on the trusted root store as a way to resolve this problem
>is (or will be) less than ideal. I understand the desire to look there but I
>don't think it will necessarily end well.

I think focusing on the browser as a whole is less than ideal. The browser vendors have chosen to adopt a "security" model where anything that can refer back to a particular string of bits in a config file is regarded as ultimately trusted and good. It can be loaded with malware, claim to be Bank of America but hosted in the Ukraine, and any number of other suspicious behaviours, but as long as there's a certificate present the browsers regard it as OK.

Given the magic keys-to-the-kingdom approach adopted by the browser vendors, it's not surprising that attackers are targeting those magic keys, because that's all they need to do for the browsers to indicate that the site is fine.

So the solution isn't to look for relief from the browser vendors, because if they were interested they'd have fixed this years ago. Instead, we need to rely on external agents like anti-malware apps and integrity checkers that keep an eye on the keys to the kingdom and make sure that they're not tampered with. Waiting for the browser vendors to fix things is just an exercise in frustration, while I'm pretty sure the A/V vendors added signatures for it within hours of finding out.

Peter.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

