[18841] in cryptography@c2.net mail archive
Re: HTTPS mutual authentication alpha release - please test
daemon@ATHENA.MIT.EDU (cyphrpunk)
Fri Nov 4 17:27:21 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 3 Nov 2005 15:00:06 -0800
From: cyphrpunk <cyphrpunk@gmail.com>
To: Nick Owen <nowen@wikidsystems.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <436A519E.60300@wikidsystems.com>
On 11/3/05, Nick Owen <nowen@wikidsystems.com> wrote:
> cyphrpunk wrote:
> > On 10/31/05, Nick Owen <nowen@wikidsystems.com> wrote:
> >
> >>The system works this way: Each WiKID domain now can include a
> >>'registered URL' field and a hash that website's SSL certificate. When
> >>a user wants to log onto a secure web site, they start the WiKID token
> >>and enter their PIN. The PIN is encrypted and sent to the WiKID server
> >>along with a one-time use AES key and the registered URL. The server
> >>responds with a hash of the website's SSL certificate. The token clien=
t
> >>fetches the SSL certificate of the website and compares it the hash. I=
f
> >>the hashes don't match, the user gets an error. If they match, the use=
r
> >>is presented with registered URL and the passcode. On supported
> >>systems, the token client will launch the default browser to the
> >>registered URL.
> >
> >
> > What threat is this supposed to defend against? Is it phishing? I
> > don't see how it will help, if the bogus site has a valid certificate.
>
> Yes, phishing. The token client isn't checking to see if the cert is
> valid, it's only checking to see if it's the same as the one that is on
> the WiKID authentication server. The cert doesn't have to be valid or
> have the root CA in the browser.
But this would only help in the case that an old URL is used and a new
certificate appears, right? That's what would be necessary to get a
match in your database, pull down an old certificate, and find that it
doesn't match the new certificate.
Phishers don't do this. They don't send people to legitimate URLs
while somehow contriving to substitute their own bogus certificates.
They send people to wrong URLs that may have perfectly valid
certificates issued for them. I don't see how your system defends
against what phishers actually do.
CP
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
