[106177] in North American Network Operators' Group
Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
daemon@ATHENA.MIT.EDU (William Pitcock)
Thu Jul 24 05:02:34 2008
From: William Pitcock <nenolod@systeminplace.net>
To: Robert Kisteleki <robert@ripe.net>
In-Reply-To: <4888348C.3010806@ripe.net>
Date: Thu, 24 Jul 2008 04:06:07 -0500
Cc: nanog@merit.edu
Errors-To: nanog-bounces@nanog.org
On Thu, 2008-07-24 at 09:51 +0200, Robert Kisteleki wrote:
> Patrick W. Gilmore wrote:
> > Anyone have a foolproof way to get grandma to always put "https://" in
> > front of "www"?
>
> I understand this is a huge can of worms, but maybe it's time to change the
> default behavior of browsers from http to https...?
>
> I'm sure it's doable in FF with a simple plugin, one doesn't have to wait
> for FF4. (That would work for bookmarks too.)
>
I don't think anything involving HTTPS is necessarily an answer to this
problem. Specifically:
* not all sites do HTTPS
* many organizations use transparent proxies like Microsoft ICA
* certification authorities can in theory be bought off (or otherwise
manipulated) to issue bogus certs, making switching to HTTPS worthless
William