| 1 |
Am 24.02.2012 18:33, schrieb Paul Hartman: |
| 2 |
> On Fri, Feb 24, 2012 at 10:43 AM, Michael Orlitzky <michael@××××××××.com> wrote: |
| 3 |
>> On 02/24/12 02:45, Florian Philipp wrote: |
| 4 |
>>> |
| 5 |
>>> Let's not forget that whenever you are presented with that warning, it |
| 6 |
>>> could also be a man-in-the-middle attack. Therefore just clicking on |
| 7 |
>>> "Accept" on every site is about the stupidest thing you can do. |
| 8 |
>>> |
| 9 |
>>> I'm unsure how the warning looks when you have previously accepted a |
| 10 |
>>> normally untrusted certificate on that site and now it is different |
| 11 |
>>> (which could be an indication of MITM). I hope there is a big red flashy |
| 12 |
>>> warning but I doubt it. |
| 13 |
>>> |
| 14 |
>> |
| 15 |
>> Not if the certificate is "valid." |
| 16 |
>> |
| 17 |
>> The only sane way to handle certificates with parties you've never met |
| 18 |
>> (i.e. every website) is the SSH method: you accept that, no matter what, |
| 19 |
>> there's always going to be one opportunity for a man-in-the-middle |
| 20 |
>> attack. The first time you connect, you save the remote server's |
| 21 |
>> certificate. If it changes, freak out. |
| 22 |
>> |
| 23 |
>> The certificate patrol extension does this: |
| 24 |
>> |
| 25 |
>> http://patrol.psyced.org/ |
| 26 |
>> |
| 27 |
>> With it, self-signed certificates become more secure than CA-signed ones. |
| 28 |
> |
| 29 |
> Thanks for the link. The MultiZilla extension way back in the |
| 30 |
> Netscape/Mozilla/Seamonkey 1.x days treated certificates like this: |
| 31 |
> you had to approve all certs the first time, even if they were from a |
| 32 |
> trusted CA and if it ever changed for any reason, it would refuse to |
| 33 |
> connect unless you approved the new cert. |
| 34 |
> |
| 35 |
> It seems to me that's how it should *always* work, in all software |
| 36 |
> that uses SSL certificates, but I understand wanting to keep it simple |
| 37 |
> for non-technical users... but those are the very users most at risk, |
| 38 |
> probably the most likely to use hostile wifi networks (in my mind, |
| 39 |
> hostile is anything other than the router I control at my house). |
| 40 |
> |
| 41 |
> Additionally http://perspectives-project.org/ or |
| 42 |
> http://convergence.io/ can help you in establishing the initial trust |
| 43 |
> and are an attempt at eliminating the need to trust CAs at all. |
| 44 |
> |
| 45 |
|
| 46 |
|
| 47 |
Just a small follow-up: A neat server-sided trick I didn't know until |
| 48 |
now is HTTP Strict Transport Security [1]. It prevents users from |
| 49 |
clicking away SSL warnings and prevents mixed content. |
| 50 |
|
| 51 |
[1] http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security |
| 52 |
|
| 53 |
Regards, |
| 54 |
Florian Philipp |
Archives