Julien Pierre wrote:
Ka-Ping Yee wrote:
On Wed, 2 Nov 2005, Julien Pierre wrote:
The account (or other relationship) you previously established at the
website you wanted -- the "one truly intended" as you put it. The
phisher wants to fool you into believing you are participating in that
relationship when in reality you are dealing with an impostor. By
keeping note of the certificate information, your browser can tell you
reliably whether you are dealing with the same site and not an impostor.
No. A party is allowed to use more than one certificate, for reasons
such as renewal, or many other. There is nothing in
X.509 or SSL that says one party only has one cert, quite the contrary.
The fact that the certificate has changed since your last communication
does not tell you that you aren't dealing still with the same site .
Authentication by Key Continuity is not textbook PKI.
It is based on the observation that it is very hard
for an impostor to deceive you multiple times, so the
more successful interactions you have had with the *same*
entity, the more trust you have in it. (I don't remember
how Key Continuity deals with an eavesdropping man in
the middle.) With Key Continuity, you don't need to
get the trust from a CA; the certificates can be self
signed. You build up the trust in a certificate as
you have more and more successful interactions with
that *same* entity.
Here is a recent paper related to Key Continuity:
http://www.simson.net/ref/2005/johnny2_usenixsecurity05_submited.pdf
Wan-Teh
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
