Kyle Hamilton wrote:
The basic idea for querying this would be as follows: hash the Subject
and each/all SANs in the certificate, and query for that hash (perhaps
to a web service). If there's a match,
Would I as an attacker use a perfect Subject / SAN that would leave
itself easily matchable by software?
ensure it's signed by a CA in
the default db;
Does this mean, on examining each cert, we would have to go to each CA
to see if it records that Subject / SANs ?
if it isn't, conclude that it's an MITM. If there
isn't a match, pop up a small notification (like the 'Firefox has
blocked this download' notification) that Firefox can't authenticate
the certificate, and they proceed at their own risk. (If they add the
certificate to their store, the notification can say "You've manually
accepted the certificate for this site, Firefox didn't do it
automatically"?)
Yes, certs that the user has accepted should be shown differently. They
have a different trust chain.
I would have no problem with changing the chrome when people step
outside of the assurances that Firefox tries to provide. I /do/ have
a problem with removing the ability for users to try to self-organize
their own networks. (The threat model is different, the policies are
different, and the fact that everyone on this list is talking about
removing the ability for self-signed roots to be used at all is an
extremely counterproductive and cartel-supporting view.)
I don't think it is "everyone" although there is a loud minority against
self-signed certs. As far as I can see, there is no consensus to drop
them from Firefox, and my understanding is that Firefox is still
planning to enhance the KCM in future generations. Also, Firefox isn't
discussed on this group, this is dev-tech-crypto.
(I could be wrong, but I'm not a developer so there is not a lot I can
do about it ... either being wrong or doing the code :) ).
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
