[122625] in cryptography@c2.net mail archive
Re: SSL and Malicious Hardware/Software
daemon@ATHENA.MIT.EDU (Arcane Jill)
Tue May 6 13:41:47 2008
From: "Arcane Jill" <arcanejill@ramonsky.com>
To: <cryptography@metzdowd.com>
Date: Tue, 6 May 2008 09:39:39 +0100
-----Original Message-----
From: owner-cryptography@metzdowd.com [mailto:owner-cryptography@metzdowd.com]
On Behalf Of Steven M. Bellovin
Sent: 03 May 2008 00:51
To: Arcane Jill
Cc: cryptography@metzdowd.com
Subject: Re: SSL and Malicious Hardware/Software
> > > I can't think of a great way of alerting the user,
> >
> > I would be alerted immediately, because I'm using the Petname Tool
> > Firefox plugin.
> >
> > For an unproxied site, I get a small green window with my own choice
> > of text in it (e.g. "Gmail" if I'm visiting https://mail.google.com).
> > If a proxy were to insert itself in the middle, that window would turn
> > yellow, and the message would change to "(untrusted)".
> >
> Assorted user studies suggest that most users do not notice the color
> of random little windows in their browsers...
The point is that the plugin does not trust the browser's list of installed
CAs. The only thing it trusts is the fingerprint of the certificate. If the
fingerprint is one that you, personally, (not your browser), have approved in
the past, then the plugin is green. If not, the plugin is yellow.
Without this plugin, identifying proxies is hard, because the proxy certificate
will likely be installed in your browser, so it will just automatically pass
the usual SSL checks, and will appear to you as an authenticated site. If you
have an expectation that your web traffic will not be eavesdropped en route,
then the sudden appearance of a proxy can flout that expectation.
On the other hand, a system which checks /only/ that the certificate
fingerprint is what you expect it to be does not suffer from the same
disadvantage. This is a technical difference. There's more to it than just the
color of the warning sign! (...though I do concede, a Red Alert siren would
probably get more attention :-) ).
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
