Re: [cap-talk] Firefox breaks the principle of identifiability

Tyler Close list at waterken.net
Tue Feb 8 18:50:01 EST 2005


On Feb 8, 2005, at 1:46 PM, Ben Laurie wrote:
>
> list at waterken.net wrote:
>> On Feb 7, 2005, at 8:43 PM, Ben Laurie wrote:
>>> The Shmoo example does not demonstrate anything about PKI (though it
>>> is true that the particular CA chosen doesn't tell you much about
>>> who bought the certificate, which would strike me as a fairly
>>> effective prevention of the attack - the CA was, however, chosen
>>> for cheapness, not usefulness).
>> So you view the Shmoo example [1] as a showcase of the PKI providing
>> effective prevention against a phishing attack?
>
> No, I view it as a demonstration of the problems introduced by IDN.
>
>> My interpretation of the Shmoo example, and I suspect their intent,
>> is exactly the opposite. If we disagree on this point, we must have
>> wildly different understandings of the use model the WWW presents
>> to users.
>
> I know the intent, because I was involved. The intent was to show
> that the advice "check the URL and the lock" is not useful advice
> in the presence of (we now know) misimplemented IDN.
>
> But the fact that a CA chose not to bind useful information to the
> X509 cert tells us nothing about the viability of X509 as a method
> of binding useful information to domain names.

I disagree. The value of the X509 binding is dependent upon the user's
ability to disambiguate domain names. The Shmoo attack, among others,
shows that users cannot disambiguate domain names. Given this fact, the
domain name is a poor attach point for hooking in authentication
information. We can't base our authentication mapping on an unreliable
lookup key.

I think I remember reading in one of the X509 family of specifications a
warning that the Common Name should not be used as the sole binding key
for a certificate, but that the whole Distinguished Name should be
used. The HTTPS scheme violates this recommendation by binding to the
domain name, which is contained in the Common Name. I suppose an
argument could be made that X509 is being misused by HTTPS, and that
the problem is therefore with HTTPS, not X509.

> It's quite clear that the CA _could_ have bound the information that
> Eric Johanson purchased the cert and not PayPal. This would have
> been useful.

I just don't see X509 certificates ever being a plausible part of the
user interaction model. I don't think it matters what the X509
certificate says. Stopping to examine a certificate is just not part of
the web browsing workflow.

A glance given to a petname toolbar is no more difficult than a glance
to a lock icon, but is much more informative and reliable.

---
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/
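As an added illustration of the petname toolbar argument above (this is not code from the original post or from the Waterken project), a minimal petname store that binds a user-chosen name to the server's public-key fingerprint rather than to the domain name, so a lookalike hostname with a different key simply shows no petname. Binding to the public key is one design choice assumed here; the hostnames and key bytes are constructed samples.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class Site:
    """What the browser sees for one HTTPS connection (constructed sample)."""
    displayed_host: str       # hostname as shown in the URL bar
    server_public_key: bytes  # public key from the presented certificate


@dataclass
class PetnameToolbar:
    # Petnames are keyed by the key fingerprint, never by the hostname.
    _names: dict = field(default_factory=dict)

    @staticmethod
    def fingerprint(public_key: bytes) -> str:
        return hashlib.sha256(public_key).hexdigest()

    def assign(self, petname: str, site: Site) -> None:
        """User introduces a site: the petname binds to the key, not the name."""
        self._names[self.fingerprint(site.server_public_key)] = petname

    def label(self, site: Site) -> str:
        """What the toolbar shows for a visited site."""
        petname = self._names.get(self.fingerprint(site.server_public_key))
        return petname if petname is not None else "(no petname: unknown site)"


# Constructed key material standing in for two different certificates.
GENUINE_KEY = b"constructed-public-key-of-the-real-site"
LOOKALIKE_KEY = b"constructed-public-key-of-an-imposter"


def demo() -> tuple:
    bar = PetnameToolbar()
    bar.assign("my bank", Site("bank.example", GENUINE_KEY))
    # Same key on another hostname: the petname still applies, because the
    # binding never depended on the user reading the domain name correctly.
    same_key_other_host = Site("secure.bank.example", GENUINE_KEY)
    # Homograph hostname (Cyrillic 'a' in place of Latin 'a', constructed)
    # presenting a different key: the toolbar shows no petname at all.
    lookalike = Site("b\u0430nk.example", LOOKALIKE_KEY)
    return bar.label(same_key_other_host), bar.label(lookalike)
```

The lookalike site is not rejected by any string comparison on the hostname; it is simply never introduced, so the user's own label is absent.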

