Hiya,

On 02/14/2013 02:55 AM, Joseph Bonneau wrote:
>> For example, ISTM that a lot of bad URLs that are de-referenced are
>> received in spam that won't contain this, or are in hrefs on pages
>> loaded from sites that won't use this, or that attacks are trying
>> to trick users into accepting a bogus version of a site that they
>> have already visited (e.g. a bank).
>>
> 
> Not attempting to deal with spam or phishing. Phishy sites will probably
> not use TLS anyways.

Fair enough, but my question is: what does this deal with? Can you
give a walk-through of a bad thing that does happen, and how that
bad thing is less likely to happen or be exploitable if this
mechanism is deployed? Honestly, I'm not seeing it.

> I also agree that there will be tons of insecure links all over the web and
> that this is not a complete solution but an incrementally deployable
> measure that I claim can protect many connections. The claim is based on
> the hunch that a large percentage of *initial* connections to new sites
> happen via hyperlinks served by a small number of hubs: namely webmail,
> search engines, social networks, link shorteners. If you can secure these
> initial connections relatively cheaply it's a win.

Just to try to clarify why I'm not seeing it...

For webmail and social networks there's an account setup phase
where I'm not sure this helps and after that HPKP or whatever can
kick in. Link shorteners maybe, but I'm not sure what's proposed
for that (the hash of whose key is where and checked when?). And
for search engines, I don't see how my browser will know that
duckduckgo use this and do that well enough to block something
without creating a possible DoS from any bit of HTML that
convinces my browser to believe in the link-security attribute.

So maybe I'm just slow, but a walkthrough of just how this is
an effective mitigation for some real threat would help me a lot.
(Sorry if that's on the site and I missed it.)

>> I hope the answer isn't to the effect that UAs
>> need to go through some gatekeeper site before going anywhere else,
>> but I expect that'll not be your answer.)
> 
> This is exactly the motivation for this proposal: I don't want UAs to go
> through any *new* gatekeeper or add a blocking lookup to a trusted
> authority to get to the right destination securely. I want to leverage the
> fact that the vast majority of users already go through gatekeepers from a
> small set before going anywhere else. Perhaps this isn't everybody's ideal
> of how the web should work, but since that's the reality I think it's
> useful to use these gatekeepers to distribute security information.

Well, today's reality is not what was reality a decade ago. And I
firmly believe we're likely to see as much or more change in the next
decade, so I'm uncomfortable with solutions that depend on today's
top-10 sites or anything similar to be honest. There can be a place
for such things of course, but I think it's very reasonable to be wary
of all such solutions. (But that's all jumping ahead, I'd rather talk
about the walkthrough thing, so feel free to ignore me on this for
now:-)

> Websites are also far more agile as trust anchors than almost anything else
> under consideration. Some users know how to change search engines but
> virtually zero have any idea what a CA is.
> 
> I grant that s-links on their own won't solve things so I'd encourage the
> proposal not to be considered in isolation. S-links are fundamentally
> dependent on some other protocol gaining non-trivial deployment (where
> non-trivial means that the list of supporting sites can't be hard-coded
> into the browser). But thinking ahead, s-links make the deployment story
> for HPKP, CT, or lots of other proposals much more believable to me so I
> think there's value in developing it alongside them. S-links will always be
> useful in an HPKP world, and for CT until 100% deployment (at CAs) is
> achieved.
> 
> As for the mailing list - I'll enable the archive when there are substantive
> posts to the mailing list. It's only 3 weeks old though and is content-less
> so far :-)

That can be one of the most useful things to know about an archive:-)
But fair enough and thanks for bringing this up here, I do think it's
worth discussing.

Cheers,
S.

> 
> Cheers,
> 
> Joe
> 
> 
> 
> _______________________________________________
> therightkey mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/therightkey
> 