Bernie Sumption wrote, On 2008-11-04 04:04:
>> Is removal of the ability to override bad certs the ONLY effective
>> protection for such users?
> 
> No. If we can detect MITM attacks, the problem goes away. 

It does?

Absence of an incomplete MITM attack does not prove the identity of the
server.

> There are ways of detecting MITM attacks, 

There are ways of detecting SOME MITM attacks on SOME servers, those that
affect only a limited portion of the Internet against servers that are
not part of content distribution networks.

The methods currently proposed also have the problem that they interfere
with so-called content distribution networks (like Akamai, for one).
They may detect MITMs when no MITM is in effect, simply because different
servers rightfully act as www.foo.com in different parts of the Internet.

> The important thing is that we recognise that some kind of MITM
> detection is essential, no matter how hard it might be to implement,
> because if you show the same UI for a MITM attack as you show for a
> misconfigured/homebrew web server, even quite savvy users are going to
> assume that a real MITM is a misconfiguration/homebrew.

If you could implement a perfect MITM detection service, that would be
of some value.  But an imperfect MITM detection service simply becomes
the favorite new target of attackers.

A perfect MITM detection service is useful in that if it detects an MITM
then that might be a basis upon which to stop the client cold.  But in
the absence of such detection, there is still no proof that the cert
accurately identifies the party it claims to identify.  Trouble is,
users will learn to treat the absence of a definitive MITM detection as
if it WAS proof of the server's identity.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
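
The reply's three cases can be modelled in a few lines. This is an added example, not part of the original message: it assumes the proposed detection works by comparing the certificate the client sees with what other network vantage points see, and every vantage name and certificate value in it is constructed.

```python
import hashlib

# Constructed vantage points: the client plus three hypothetical remote observers.
VANTAGES = ["client", "notary-eu", "notary-us", "notary-asia"]

def fingerprint(cert: bytes) -> str:
    """Short SHA-256 fingerprint of a (constructed) certificate blob."""
    return hashlib.sha256(cert).hexdigest()[:16]

def observe(vantage, served, intercepted, attacker_cert=b"attacker-cert"):
    """Fingerprint one vantage point sees: the attacker's cert if its path
    is intercepted, otherwise whatever the legitimate server hands it."""
    cert = attacker_cert if vantage in intercepted else served[vantage]
    return fingerprint(cert)

def verdict(served, intercepted):
    """'consistent' if every observer sees the client's cert, else 'mismatch'."""
    views = {v: observe(v, served, intercepted) for v in VANTAGES}
    notary_views = {fp for v, fp in views.items() if v != "client"}
    return "consistent" if notary_views == {views["client"]} else "mismatch"

def run_scenarios():
    # One origin server presenting the same cert everywhere.
    single = {v: b"origin-cert" for v in VANTAGES}
    # A CDN whose edge nodes legitimately present different certs per region.
    cdn = {v: f"edge-cert-{v}".encode() for v in VANTAGES}
    return {
        "honest_single_origin": verdict(single, set()),
        # Interception affecting only the client's part of the network.
        "mitm_near_client": verdict(single, {"client"}),
        # No attacker at all, yet the views differ.
        "honest_cdn": verdict(cdn, set()),
        # Interception close to the server: every path is affected.
        "mitm_near_server": verdict(single, set(VANTAGES)),
    }

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:22} {result}")
```

The honest single-origin case and the interception near the server return the same verdict, and the honest CDN returns the same verdict as the interception near the client.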
