I generally agree with the proposal. Mozilla should not treat all
classes the same. And it's an abstraction of EV, i.e. EV could be
treated as one class in this framework.
To make the problem more clear: The current flat model means that the
security of all certs is reduced to that of the lowest one. Assuming the
relying parts does not manually check the cert itself and has no
client-side cert of his own.
Attack scenario: I get a Class 3 or 4 cert. Somebody else gets a Class 1
cert for me - which is easy, you just need to be able to intercept
plaintext mails, exactly the type of attack that SSL is supposed to
prevent! Now, he can pose as me (either directly as phisher or social
engineer or as MITM) and present his Class 1 with my name on it to other
parties who want to communicate with me, and they won't notice the
difference, the UI will look exactly the same. Successful attack. SSL
failed in exactly the scenario it tried to prevent.
Lesson 1: Don't treat all classes the same, because they simply are not
Lesson 2: Class 1 certs are insecure (but would be OK in an "SSH model")
Lesson 3: Not remembering certs and warning when they change is a
security risk (contrast to SSH model)
Eddy's proposal was about 1. 3 needs to be solved, too, but it's harder
and I'll save that for a later proposal.
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
