http://www.hecker.org/mozilla/ca-certificate-faq/policy-details/#risks
FTR:
Which risks and threats are you concerned about in connection with certificates and CAs?
As noted previously, we are concerned with the risks borne by typical users arising from the various certificate-enabled operations for which they might use Mozilla, namely
* browsing to SSL-enabled web sites or connecting
to other SSL-enabled servers (e.g., for IMAP, SMTP, etc.)
* sending and/or receiving signed and/or encrypted
S/MIME email
* downloading and installing and/or executing digitally
signed codeFor SSL-enabled browsing the most commonly-discussed risks are associated with scenarios in which a typical user believes they are communicating with an SSL-enabled web site (or other server) associated with a certain entity (e.g., their bank, a shopping site. their ISP's SSL-enabled mail server, etc.), but in reality they are communicating with another web site or server, operated by an attacker. The major risk here is that an attacker operating the second site will obtain sensitive information relating to the user, whether entered by the user (e.g., where an attacker is "phishing" for passwords) or transmitted by the original site (e.g., where a "man in the middle" attacker is eavesdropping on the user's connection).
There are also at least two other risks associated with SSL-enabled web browsing and other SSL-enabled operations: First, it may be that the user is actually connected to the "correct" site or server, but the user is led to believe that he or she is not properly connected to that site; the risk here is that the user may not take a desired action based on this false conclusion. Finally, the user may encounter some software malfunction (e.g., a browser crash) due to some aspect of SSL and certificates; again, this would possibly prevent the user from taking some desired action.
For S/MIME-enabled email the most commonly-discussed risks are associated with scenarios in which the user believes that they are communicating with the owner of a given email account (whether that owner be a person or entity), but in fact the email messages in question are being received from or by another (possibly malicious) person or entity. As a result the user runs the risk of exposing sensitive information (e.g., sent in an encrypted email read by an attacker) and/or taking inappropriate actions based on information the user believes to be trustworthy (e.g., a "phishing" site's URL contained in a signed email sent by an attacker).
For downloadable signed code the most commonly-discussed risks are associated with scenarios in the user believes that the code in question originates from a particular person or entity known to the user (e.g., a commercial software vendor, or an open source developer), but in fact the code originates from some other source, e.g., an attacker developing "trojan" programs, or a company distributing "spyware" or "adware". As a result the user might execute code that harms the user's system or exposes sensitive information.
As with SSL-enabled web browsing and S/MIME email, there are also risks associated with scenarios in which the user falsely concludes that the downloaded code is associated with the wrong person or entity, as well as risks associated with browser malfunctions due to problems related to code signing and certificates.
Note that many of the risks and threat scenarios discussed above could result from factors unrelated to CAs and certificates. To take but one example, it is possible that an attacker might exploit a non-SSL vulnerability in Mozilla to cause the browser's status bar and/or URL input field to display an incorrect site name when connecting to the attacker's web site.
-- _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
