> 1. How do you secure the connection to the perspectives server?

The software is to be released with predefined intrusion detection servers; each comes with its own X.509 certificate, which should be self-signed. It's a kind of "Auditive" mechanism; by using it, we should be suspicious of any CA, so we won't use the same CAs we are trying to audit. The connection should be HTTPS for easy implementation. I don't see a description of how "Perspectives" deals with this issue; can you explain?

> 2. How do you avoid false reports for the multiple servers that legitimately
> claim to be the same server (same DNS name) in a content distribution
> network (e.g. akamai)?

I don't know why this "Auditive" scheme has to avoid this problem; what's the threat? BTW, IMHO, a CDN is used to distribute popular content, so the connection to a CDN should be in plain text.

> 3. This scheme doesn't help when the MITM places himself close to the server
> under attack (e.g. the server's ISP), such that all the clients everywhere
> (except at the server's own point of presence) see the attacker's MITM'ed
> cert chain. Isn't that a likely scenario for attacks in situations where
> the ISP is controlled by the hostile party?

I think you didn't look closely at my description. The intrusion detection servers track the changes of certificates belonging to a host name over time, as reported by user agent software around the world; this is just like "Perspectives". If the legitimate certificate from the web server reaches the web browser even one time, it'll be recorded.

The difference between "Perspectives" and this "Auditive" scheme is that Auditive is intended to inform the system admin of the potential intrusion, not the user. This is an advantage: imagine that when Gmail changes its certificate because the existing certificate has almost expired, many millions of users of "Perspectives" will be alerted and panic, because the consumer isn't likely to be able to read the differences, and many unnecessary support requests will be generated.

--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
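The certificate-change tracking described in the message above, sketched as an added example; it is not code from the original post or from Perspectives. The class name, the report fields, the SHA-256 fingerprint and the alert queue are assumptions made for illustration, and the certificate bytes are constructed sample values.

```python
import hashlib
from collections import defaultdict


class CertObservationLog:
    """Hypothetical server-side log of certificates reported per host name."""

    def __init__(self):
        self.history = defaultdict(dict)  # host -> {fingerprint: observation record}
        self.admin_alerts = []            # queued for the site admin, never shown to users

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def report(self, hostname, cert_der, reporter, ts):
        """Record one user-agent report; return True if an admin alert was queued."""
        host = hostname.lower().rstrip(".")  # DNS names are case-insensitive
        fp = self.fingerprint(cert_der)
        seen = self.history[host]
        if fp in seen:  # certificate already on record: just refresh it
            seen[fp]["last"] = max(seen[fp]["last"], ts)
            seen[fp]["reporters"].add(reporter)
            return False
        known = sorted(seen)
        seen[fp] = {"first": ts, "last": ts, "reporters": {reporter}}
        if not known:
            return False  # first certificate ever recorded for this name: baseline
        # A certificate the log has never seen for this name: tell the admin,
        # who can tell a planned renewal from a possible interception.
        self.admin_alerts.append(
            {"host": host, "new": fp, "known": known, "reporter": reporter, "ts": ts})
        return True


def demo():
    log = CertObservationLog()
    # Constructed byte strings standing in for DER-encoded certificates.
    legit, renewed, unknown = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
    results = [
        log.report("mail.example.org", legit, "agent-1", 100),     # baseline
        log.report("mail.example.org", legit, "agent-2", 110),     # same certificate
        log.report("MAIL.example.org.", renewed, "agent-1", 200),  # change: one alert
        log.report("mail.example.org", renewed, "agent-3", 210),   # already recorded
        log.report("mail.example.org", unknown, "agent-4", 300),   # change: one alert
    ]
    return results, log.admin_alerts


if __name__ == "__main__":
    print(demo())
```

Each new fingerprint raises a single alert to the administrator no matter how many user agents later report it, which is the contrast with per-user warnings drawn in the message.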

