Bernie Sumption wrote, On 2008-11-04 04:04:
>> Is removal of the ability to override bad certs the ONLY effective
>> protection for such users?
>
> No. If we can detect MITM attacks, the problem goes away.

It does? Absence of an incomplete MITM attack does not prove the identity of the server.

> There are ways of detecting MITM attacks,

There are ways of detecting SOME MITM attacks on SOME servers, those that affect only a limited portion of the Internet against servers that are not part of content distribution networks.

The methods currently proposed also have the problem that they interfere with so-called content distribution networks (like Akamai, for one). They may detect MITMs when no MITM is in effect, simply because different servers rightfully act as www.foo.com in different parts of the Internet.

> The important thing is that we recognise that some kind of MITM
> detection is essential, no matter how hard it might be to implement,
> because if you show the same UI for a MITM attack as you show for a
> misconfigured/homebrew web server, even quite savvy users are going to
> assume that a real MITM is a misconfiguration/homebrew.

If you could implement a perfect MITM detection service, that would be of some value. But an imperfect MITM detection service simply becomes the favorite new target of attackers.

A perfect MITM detection service is useful in that if it detects an MITM then that might be a basis upon which to stop the client cold. But in the absence of such detection, there is still no proof that the cert accurately identifies the party it claims to identify. Trouble is, users will learn to treat the absence of a definitive MITM detection as if it WAS proof of the server's identity.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto