Amir Herzberg wrote:
We have created a Mozilla extension that creates a secure, Trusted Logo
and Credentials Area, which displays logos and other credentials of the
site. We believe this helps protect web users, even naive users, against
spoofing and phishing attacks. We are still playing with the code but
hope to begin providing it to others soon; in the meanwhile, if you are
interested, we'll love to hear your comments. The proposal is described at:
Protecting (even) Na�ve Web Users, or: Preventing Spoofing and
Establishing Credentials of Web Sites, by Amir Herzberg and Ahmad Gbara
PDF at http://eprint.iacr.org/2004/155/
HTML via http://AmirHerzberg.com, or directly from
http://www.cs.biu.ac.il/~herzbea/Papers/ecommerce/spoofing.htm
It is the case that Mozilla's policy is to deliver
a browser that protects the default user, one who
does not know how to further secure themselves.
(ref: Frank's CA policy discussions.)
Unfortunately, Mozilla's browsers, in common with
other browsers, as currently delivered, do not
protect the user against the biggest real threat
out there to their browsing: phishing.
Protecting against phishing and 2 other MITM attacks
that secure browsing falls to is fairly simple:
1. the browser caches and counts visits to each cert
protected site. This is important because only the
browser can know that a perfect copy has never been
seen before.
2. the browser displays the CA logo (from distro) on
the chrome. See screen shots in the above paper.
See my earlier mail on why this is needed, and all
of the paper above.
3. the browser displays self signed certs in the chrome
exactly as per 2. No popup warnings! This is critical
to ease servers over to using SSL-by-default. Only when
large amounts of web traffic are protected by crypto
will it become routine to deal with cert fraud.
4. for the same reasons, web servers should by default
install and operate with SSCs.
Amir and Ahmad have coded up a version of the browser
logo display in Mozilla, building on earlier work by
Ye and Smith. They actually go further than I have
and propose site logos, and haven't coded up the cert
counting AFAIK (step 1).
Mozilla Foundation are in the unusual position
(along with Konqueror I suppose) of not having
necessarily to deal with the liability of the
phishing epidemic, but that still doesn't obviate
the need to protect ordinary, default users from
ordinary, easy phishing attacks.
iang
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
