[144810] in cryptography@c2.net mail archive


Re: Client Certificate UI for Chrome?

daemon@ATHENA.MIT.EDU (Steven Bellovin)
Fri Sep 4 15:46:21 2009

Cc: Peter Gutmann <pgut001@cs.auckland.ac.nz>, jamesd@echeque.com,
        cryptography@metzdowd.com
From: Steven Bellovin <smb@cs.columbia.edu>
To: Ben Laurie <benl@google.com>
In-Reply-To: <1b587cab0908260326v40cca144yfb8bb378b59fae71@mail.gmail.com>
Date: Wed, 2 Sep 2009 15:13:59 -0400


On Aug 26, 2009, at 6:26 AM, Ben Laurie wrote:

> On Mon, Aug 10, 2009 at 6:35 PM, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
>> More generally, I can't see that implementing client-side certs gives you much
>> of anything in return for the massive amount of effort required because the
>> problem is a lack of server auth, not of client auth.  If I'm a phisher then I
>> set up my bogus web site, get the user's certificate-based client auth
>> message, throw it away, and report successful auth to the client.  The browser
>> then displays some sort of indicator that the high-security certificate auth
>> was successful, and the user can feel more confident than usual in entering
>> their credit card details.  All you're doing is building even more substrate
>> for phishing attacks.
>>
>> Without simultaneous mutual auth, which -SRP/-PSK provide but PKI doesn't,
>> you're not getting any improvement, and potentially just making things worse
>> by giving users a false sense of security.
>
> I certainly agree that if the problem you are trying to solve is
> server authentication, then client certs don't get you very far. I
> find it hard to feel very surprised by this conclusion.
>
> If the problem you are trying to solve is client authentication then
> client certs have some obvious value.
>
> That said, I do tend to agree that mutual auth is also a good avenue
> to pursue, and the UI you describe fits right in with Chrome's UI in
> other areas. Perhaps I'll give it a try.


This returns us to the previously-unsolved UI problem: how -- with
today's users, and with something more or less like today's browsers
since that's what today's users know -- can a spoof-proof password
prompt be presented?

		--Steve Bellovin, http://www.cs.columbia.edu/~smb
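An added toy simulation, not from anyone in this thread, of the asymmetry Gutmann's quoted post describes: with cert-based client auth the client's only evidence of success is the server's assertion, whereas with a PSK-style handshake the server must prove knowledge of the shared secret before the client shows anything. The keys, nonces and labels are constructed, and the HMAC "signature" is a stand-in for real certificate verification and for the TLS PRF.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def prf(key: bytes, *parts: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 over the parts (constructed stand-in for a TLS PRF)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def cert_style_login(server_is_genuine: bool) -> dict:
    """Client-cert auth as the quoted post describes it: the client proves itself,
    then the server merely *asserts* that auth succeeded.  An impostor discards the
    client's message and reports success anyway; the client cannot tell the difference."""
    client_key = b"client-private-key"  # constructed; HMAC stands in for a signature key
    nonce = secrets.token_bytes(16)
    client_auth_msg = prf(client_key, b"client-auth", nonce)
    if server_is_genuine:  # the real site actually checks the client's proof
        verified = hmac.compare_digest(client_auth_msg, prf(client_key, b"client-auth", nonce))
    else:  # phisher: throw the client auth message away
        verified = False
    server_status = "auth OK"  # sent in both cases; the browser indicator keys off this
    return {"server_verified": verified, "client_shows_ok": server_status == "auth OK"}


def psk_style_login(server_psk: Optional[bytes]) -> bool:
    """Simultaneous mutual auth in the -PSK/-SRP style: the server's finished message
    is bound to the shared secret and both nonces, so the client verifies the server
    before trusting anything.  Returns whether the client accepts the server."""
    client_psk = b"shared-secret"  # constructed; the secret the client provisioned
    client_nonce, server_nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    if server_psk is None:  # impostor without the secret can only guess
        server_proof = secrets.token_bytes(32)
    else:
        server_proof = prf(server_psk, b"server-finished", client_nonce, server_nonce)
    expected = prf(client_psk, b"server-finished", client_nonce, server_nonce)
    return hmac.compare_digest(server_proof, expected)
```

The point the simulation makes is that in the cert-only flow `client_shows_ok` is true whether or not the server verified anything, while in the PSK flow an impostor with no (or the wrong) secret is rejected before the user sees a success indicator.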

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
