On 13/08/13 14:59 PM, Gervase Markham wrote:
> On 13/08/13 08:44, Mikko Rantalainen wrote:
> > I cannot speak for Ian, but I'd guess "neutral" mode means something
> > along the lines "use encrypted connection but do not show any
> > additional 'secure' UI decorations". That would be suitable for cases
> > where site wants to protect the user input and site output but
> > there's no need to convince the user that the *site* is secure. Kind
> > of "this is normal content that just happens to be transferred over
> > secure link, allow all stuff that would be allowed if the host
> > document used HTTP connection".
>
> http://www.gerv.net/security/self-signed-certs/ deals with some of the
> arguments usually raised in this regard.

Badly. Riddled with bad, false and self-serving assumptions. Here's
just one:
"Before we begin, we must understand that
Security = Encryption * Authentication."
Wrong. That happens to be the SSLv2 security offering, aka C.I.A. for
confidentiality, integrity, authenticity. That model has only the
vaguest relationship to the security of the users. Even the inventors
of SSLv2 don't hold onto that position with any seriousness any more.
Even the browsers don't implement that model, because they famously do
not state to the user who is authenticating what. Substitutions without
notice are part of the architecture.
However, as people will all know by now, both sides on this debate are
entrenched, and habitually do not take the other side seriously (unless
pricked by some public event). So there is really no point in a point
by point rebuttal of that document.

> Implementing such a mode is not simple without ending up effectively
> implementing the "SSH model" of key continuity, the flaws in which are
> described in that paper.
>
> Say you have an HTTPS bookmark to your bank. You visit it (your techie
> friend told you "always use this bookmark for your bank, and you'll be
> safe"), and someone MITMs you using "neutral mode". Instead of the big
> warning you get now, you'd have to notice the sudden lack of secure
> indicators. Ideally, you would, but it's a much less obvious failure
> mode than the current warnings.

Bookmark, meet programmer. Programmer, offer a bookmark security
variation. Users, smile & click.
(The bookmark security model is well written up in other places, but it
is very easy to ignore.)

> Those who propose a "neutral mode" need to produce a proper,
> critique-able proposal which covers all of the cases like this. They'll
> find it's not as simple as it sounds.

It's not as simple as almost all security experts expected it to be,
very true. But the barriers are in the minds, not in the designs.
iang
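The two mechanisms argued over above, the "SSH model" of key continuity and a bookmark that remembers the security level it was created with, can be sketched in a few dozen lines. The following is an added illustration and not code from this thread or from any browser; the host name, certificate bytes and the mode names "http", "neutral" and "authenticated" are constructed for the example. It shows the bank-bookmark scenario: with only key continuity, a changed key is caught, but a MITM that presents "neutral mode" would rely on the user noticing missing indicators; pinning the expected level to the bookmark turns that downgrade into a hard failure.

```python
"""Key continuity (trust on first use) plus a bookmark-pinned security level.

Added example, not the thread's or any browser's code. Hosts, certificate
bytes and the level names below are constructed for illustration.
"""
from dataclasses import dataclass, field
import hashlib

# Security levels a connection can present, weakest to strongest (constructed).
LEVELS = {"http": 0, "neutral": 1, "authenticated": 2}


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, hex encoded."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class KeyContinuityStore:
    """SSH-style pinning: remember the first key seen for each host."""
    known: dict = field(default_factory=dict)

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        seen = self.known.get(host)
        if seen is None:
            # Trust on first use: nothing to compare against, so record it.
            self.known[host] = fp
            return "first-use"
        # A mismatch never overwrites the pin; the user has to resolve it.
        return "match" if seen == fp else "mismatch"


@dataclass
class Bookmark:
    host: str
    expected_level: str  # level recorded when the bookmark was created


def evaluate_visit(store: KeyContinuityStore, bookmark: Bookmark,
                   cert_der: bytes, presented_level: str):
    """Return (verdict, reason): 'block' = hard warning, 'warn' = visible
    notice, 'ok' = proceed silently."""
    continuity = store.check(bookmark.host, cert_der)
    # The bookmark variation: a connection weaker than the one the bookmark
    # was made with is treated as an attack, not as a quieter UI state.
    if LEVELS[presented_level] < LEVELS[bookmark.expected_level]:
        return "block", f"downgrade from {bookmark.expected_level} to {presented_level}"
    if continuity == "mismatch":
        return "block", "key changed since first use"
    if continuity == "first-use":
        return "warn", "no prior key for this host; pinned on first use"
    return "ok", "key continuity holds"


def run_demo():
    """The bank-bookmark scenario from the thread, with constructed data."""
    store = KeyContinuityStore()
    bank = Bookmark("bank.example", "authenticated")
    real_cert = b"constructed-cert-of-bank.example"
    mitm_cert = b"constructed-cert-of-interceptor"
    return [
        evaluate_visit(store, bank, real_cert, "authenticated")[0],  # first use
        evaluate_visit(store, bank, real_cert, "authenticated")[0],  # continuity holds
        evaluate_visit(store, bank, mitm_cert, "neutral")[0],        # MITM in "neutral mode"
        evaluate_visit(store, bank, mitm_cert, "authenticated")[0],  # MITM with a new key
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The third visit is the case Gerv raises: without the bookmark's pinned level, the only signal is the key mismatch, and a "neutral mode" interceptor that the user reached by a fresh link rather than the bookmark would produce no warning at all. Note that `check()` deliberately leaves the stored fingerprint untouched on a mismatch; silently re-pinning is the flaw that makes naive key continuity easy to abuse.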
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security