On Friday 13 May 2005 12:52, Gervase Markham wrote:
> Ian G wrote:
> > When Firefox goes to one of the non-default sites, it is
> > presented with the default cert and indicates it is wrong.
> > I then click through and accept it, so https is opened up
> > on the site. But, down in the bottom right, instead of
> > displaying the correct details about the certificate that
> > is in use, it displays the host name that we went to.
>
> This is correct, and by design. The rationale was as follows:
>
> - Certs often contain wildcards, which cannot easily be understood by
> end users. (What does "mecha|rheet.mozilla.org" mean?) We needed to
> display a single hostname in that space at all times.

I see! Tough one. Question of clarification - are you
saying that the status bar always displays the target
host name rather than the domain field out of the cert?
That would mean that the status bar is simply another
confirmation of the original host.
Or it only displays the hostname from the URL when
there is no easy and positive match?
Either way, this opens the way to click-thru-phishing.
After the click-thru has been tricked from the user ("win
a free cruise if you try out our new certificate and get to
the magic cookie") then the security UI goes on to
confirm the domain of phisher's choice.

> - If you've already clicked through a warning which says "Hey, there's
> something funny going on here", you don't IMO have a right to expect
> that the security UI will continue to be correct.

What the click-thru means is subject to debate of
course. There are going to be several viewpoints
as to the meaning:
* the user's meaning,
* the developer's,
* the UI designer's,
* what the messages actually say,
* the victim's thoughts ... after being robbed,
* the court's interpretation.
Personally, I'd take it as "carry on" but I wouldn't
take it as "open licence" to change the way the
security statements are made. More below...

> Suggestions for other ways of dealing with issue 1) while preventing
> issue 2) are welcomed.

Phishers are active attackers. They have advantages,
they have millions of users out there who all have known
browser sets. So a phisher can look at your arrangement
and figure out a way to slide his hook through. That
means that the browser is a static target and the attacker
is dynamic, evolving, and can try out lots of things.
Which means any interpolation - any advice that is
presented to the user - can be used against her /
her security. If the status bar shows a domain name
that came from somewhere else then that can be
spoofed (in theory).
Which leads to the following suggested principle:
the security UI should state only things it knows to
be true. Once it has confirmed by secure signature
exchange that it is talking to a given certificate, it
knows by the properties of public key cryptography
that everything in the certificate relates reliably to
this connection.
So it should show the domain name it found in the
cert, if following that principle. (I'm assuming here
that the status bar is the security UI in question.)
Above you introduce a problem with this principle:
certificates may have various mappings and manglings.
So the question arises - principle or convenience?
In the pre-phishing days (1994 - 2002) this would
have been easy to answer - convenience. Even
now, there are no SSL phishes so it is still possible
to answer convenience without difficulty. But I fear
the phish will cast for SSL soon enough so it is
definitely worth pondering the alternate.
If one were to stick to the principle then one would
have to _interpret_ the mapping. For example, in the
above case, if you saw two subdomains then you
could display:
<grey>mecha|<grey>rheet.mozilla.org
when you matched the URL to rheet.mozilla.org,
and:
<grey>rheet|<grey>mecha.mozilla.org
if you matched the other domain. Pick some
default if you matched no domains like the actual
line in the cert:
mecha|rheet.mozilla.org
with no shading. And the user might not quite
see what the hell that means, but this is the
security UI and that line is what you know, and
if the user can't work it out maybe that's because
there is a problem.
For wildcards like *.mozilla.org, I'd be inclined
to do something like one of these alternates:
<i>bugzilla</i>.mozilla.org
<i>*bugzilla*</i>.mozilla.org
<grey>*</grey>bugzilla<grey>*</grey>.mozilla.org
*<grey>bugzilla</grey>*.mozilla.org
if and only if you match that from the hostname.
If no match found, then show it in full:
*.mozilla.org
and the user can scratch her head as to why
it doesn't say www.mozarella.org as the hostname
clearly shows.
If you were to follow that logic it's still an open
question as to whether a mapping for all forms
of the cert fields can be found. Also, can the
status bar show anything like the formatting
tricks above?
iang
--
http://iang.org/
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
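One way to implement the matching and shading the message above proposes, as an added example written for this page and not code from Firefox or from the poster. It assumes the certificate exposes a plain list of DNS names (so the thread's "mecha|rheet.mozilla.org" is treated as the two names mecha.mozilla.org and rheet.mozilla.org), and the function names are invented; the `<grey>` and `*...*` markers are borrowed from the mail.

```javascript
// Added example, not from the original thread. Renders a status-bar string
// following the "state only what you know" principle: every name in the
// certificate is shown, the one the connection was matched against is left
// plain, the others are greyed out, and if nothing matches the raw
// certificate names are shown unshaded. The URL's hostname is never
// substituted for a certificate name.

// Does one certificate DNS name cover `host`? A wildcard is honoured only
// as the whole left-most label and matches exactly one label (RFC 6125
// style), so "*.mozilla.org" covers bugzilla.mozilla.org but neither
// mozilla.org nor a.b.mozilla.org.
function certNameMatches(certName, host) {
  const name = certName.toLowerCase();
  const h = host.toLowerCase();
  if (!name.startsWith("*.")) return name === h;
  const suffix = name.slice(1);                 // ".mozilla.org"
  if (!h.endsWith(suffix)) return false;
  const label = h.slice(0, h.length - suffix.length);
  return label.length > 0 && !label.includes(".");
}

// Build the status-bar text for `host` from the certificate's name list.
// Returns { matched, text } so a caller can also colour the whole field.
function statusBarText(host, certNames) {
  const match = certNames.find((n) => certNameMatches(n, host));
  if (match === undefined) {
    // No match: show exactly what the certificate says, no shading.
    return { matched: false, text: certNames.join("|") };
  }
  const parts = certNames.map((n) => {
    if (n !== match) return `<grey>${n}</grey>`;
    if (!n.startsWith("*.")) return n;
    // Wildcard match: put the label the host supplied between the stars.
    const label = host.toLowerCase().slice(0, host.length - n.length + 1);
    return `*${label}*${n.slice(1)}`;
  });
  return { matched: true, text: parts.join("|") };
}

// Constructed sample: the lookalike host from the mail against a wildcard
// certificate for mozilla.org yields the unshaded "*.mozilla.org".
console.log(statusBarText("www.mozarella.org", ["*.mozilla.org"]).text);
```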