> If we create an error display that says "No kidding, this absolutely
> is an attack and we're stopping you cold to protect you from it."
> it seems unavoidable that users will learn to treat the absence
> of such an unbypassable error display as proof to the contrary,
> proof that the site is genuine and verified.
>
> Do we want to train them that way?

I don't think that this is an issue. I believe most users likely never see a MITM attack in their browsing career - indeed this rarity of real MITM attacks is the reason why real attacks are interpreted as false positives, it's just the most likely explanation for a cert error screen. If a MITM detection service could be designed that gave no false negatives, most users would never see it, so would not learn to associate the existing cert error screen with an "all clear".

I have no idea if MITM attacks are generally targeted at users, as in the case of this thread, or against servers. If MITM attacks are targeted at servers, I accept that there is very little that Firefox can do to stop this. If the attack is targeting a user, surely there is an opportunity for Firefox to help the user realise that they are being MITM'd? This could be a sustained attack, lasting days or weeks, slowly collecting all of the user's passwords. The idea of it makes me shudder!

Any solution will be an imperfect trade-off, but is it really the consensus that there's no better trade-off than the current situation?

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto