Eddy Nigg (StartCom Ltd.) wrote:
> Johnathan Nightingale <[EMAIL PROTECTED]> wrote:
>> Imagine that we found a way to clearly present to the user:
>>
>> + Your connection is encrypted
>> + The site's identity has been verified
>> + You've been here many times before
>> + This site is trusted by (your friends | bbbonline | other vendor
>> rating sites)
>> + This site appears on no blacklists
> [snip] I think that the SSL stuff and the other
> indicators should be separated in some way, especially since the latter
> apply to plain http as well (and are perhaps much more important in that
> respect, because of the missing indications of identity verification).

Without SSL authentication of the site, the browser cannot honestly say any of the last 3 things in Johnathan's list. Without authenticating the site, you only know those properties of the URL, not of the site's content. The URL might be the same, but the actual site might be different due to any number of attacks (e.g. DNS cache poisoning, malicious router tables, hosts file poisoning).

It is IMPOSSIBLE to tell, by examining site content only, whether you are at the site you think you are, or not. (If there is one point on which we should educate users, that's it!)

Without authentication, the best you can say about those last 3 items is:

+ You've used this URL (or domain name) many times before
+ This URL (or domain name) is recommended by (friends, other sites)
+ This URL (or domain name) appears on no blacklists

>> Identity is a piece of online safety, but it isn't all of it,

Agreed, but reputation information is useless without authentication. Otherwise, a user will be relying on the reputation of a valid site while visiting an attacker's site. That's the very essence of phishing, and you cannot eliminate it without authentication.
