> Is removal of the ability to override bad certs the ONLY effective
> protection for such users?

No. If we can detect MITM attacks, the problem goes away. There are
ways of detecting MITM attacks, but first of all, this is why we need
to do it:

The problem as I see it is that the same warning UI is shown whenever
there is a less than perfect certificate. Let us assume that 99.99% of
the time, this is either a misconfigured web server or a homebrew site
that is using self-signed certs because they only care about
encryption, not authentication. 0.01% of the time it is a MITM
attack. In the MITM scenario the UI is not harsh enough. In the common
case it is too harsh.

The important thing is that we recognise that some kind of MITM
detection is essential, no matter how hard it might be to implement,
because if you show the same UI for a MITM attack as you show for a
misconfigured/homebrew web server, even quite savvy users are going to
assume that a real MITM is a misconfiguration/homebrew.

In the event of a MITM attack, the user should be shown a huge red
warning, like the phishing and malware warnings, stating that "Firefox
has detected a man-in-the-middle attack: we think that an attacker is
intercepting your connection". Whether you let users override this can
be debated.

In the event of a misconfigured web server / homebrew site, the user
could be shown a more qualified warning that "this site uses
encryption, but can't be identified because {$REASON}. It is
difficult, but not impossible, for an attacker to see any data you
send or receive. If you use this site for important communications or
financial transactions you should not use it. Please contact the site
owners and let them know about this problem."

Here's one idea for detecting MITM attacks, but I'm not a security
expert so please don't jump on me and call me an idiot. If this way
doesn't work for some reason, I'm sure that there are other ways:

The browser could send all self-signed or invalid certificates to a
trusted MITM detection service, say https://mitm.mozilla.com. A MITM
on this site is impossible because it would have a valid certificate.
This site could inspect the certificate and use a variety of
heuristics to detect MITM attacks:
* The service could connect to the same site and check that it has the
same certificate, which obviously only works if the attacker is not in
a position to MITM the trusted server too (if the attacker is on the
same network as the host, they can MITM any client on the Internet).
* The service could use a community based approach as used by phishing
detection to report MITM attacks so close to the target host that they
can MITM the entire Internet.
* There could be some kind of opt-in way (through a DNS record?) of a
site specifying a MITM policy, so banks could state that anything but
a properly signed certificate is treated as an MITM.
* Any other ideas?

Care would need to be taken with privacy, but if this approach works
with phishing, why not MITM?

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
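The three heuristics listed in the message above, combined into one decision function. This is an added example, not part of the original post and not Mozilla code. The function name, verdict strings, host names and certificate bytes are constructed for illustration, and the function is assumed to run only on certificates that already failed normal validation.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def classify(host, client_fp, vantage_fps, strict_hosts=frozenset(), reported=frozenset()):
    """Classify a certificate that already failed normal validation.

    client_fp    fingerprint the browser received
    vantage_fps  fingerprints the detection service saw when it connected itself
    strict_hosts hosts that opted in to "anything unsigned is an attack"
    reported     (host, fingerprint) pairs flagged by community reports
    Returns (verdict, reason).
    """
    # Opt-in site policy: no bad certificate is ever acceptable for this host.
    if host in strict_hosts:
        return "mitm", "site policy allows only properly signed certificates"
    # Community reports cover an attacker close to the host, where every
    # vantage point would see the same rogue certificate as the client.
    if (host, client_fp) in reported:
        return "mitm", "certificate was reported by the community"
    if not vantage_fps:
        return "inconclusive", "service could not reach the site"
    matches = sum(fp == client_fp for fp in vantage_fps)
    if matches == len(vantage_fps):
        return "misconfigured", "service sees the same certificate as the client"
    if matches == 0:
        return "mitm", "client sees a certificate no vantage point sees"
    return "inconclusive", "vantage points disagree with each other"

# Constructed sample data: placeholder bytes stand in for DER certificates.
SITE_CERT = fingerprint(b"constructed self-signed cert of homebrew.example")
ROGUE_CERT = fingerprint(b"constructed cert injected on the client's network")

def demo():
    """Verdicts for four constructed situations."""
    return [
        classify("homebrew.example", SITE_CERT, [SITE_CERT, SITE_CERT])[0],
        classify("homebrew.example", ROGUE_CERT, [SITE_CERT, SITE_CERT])[0],
        classify("bank.example", SITE_CERT, [SITE_CERT], strict_hosts={"bank.example"})[0],
        classify("homebrew.example", ROGUE_CERT, [ROGUE_CERT],
                 reported={("homebrew.example", ROGUE_CERT)})[0],
    ]

if __name__ == "__main__":
    print(demo())
```

The last case is the one the first heuristic alone misses: the service and the client agree on the certificate, so only the community report changes the verdict.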