IETF Logo Mail Archive

Re: [TLS] [certid] review of draft-saintandre-tls-server-id-check-09

Martin Rex <mrex@sap.com> Thu, 23 September 2010 18:15 UTC

Return-Path: <mrex@sap.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id F2F6E3A6AC4; Thu, 23 Sep 2010 11:15:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.804
X-Spam-Level:
X-Spam-Status: No, score=-9.804 tagged_above=-999 required=5 tests=[AWL=0.445, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kQVhLCdkpw0M; Thu, 23 Sep 2010 11:15:13 -0700 (PDT)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by core3.amsl.com (Postfix) with ESMTP id 77B4F3A6A94; Thu, 23 Sep 2010 11:15:12 -0700 (PDT)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id o8NIFejf024879 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 23 Sep 2010 20:15:40 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201009231815.o8NIFdDi023872@fs4113.wdf.sap.corp>
Subject: Re: [TLS] [certid] review of draft-saintandre-tls-server-id-check-09
To: tls@ietf.org, certid@ietf.org
Date: Thu, 23 Sep 2010 20:15:39 +0200
In-Reply-To: <4C9B78D5.4090907@extendedsubset.com> from "Marsh Ray" at Sep 23, 10 10:57:09 am
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Scanner: Virus Scanner virwal06
X-SAP: out
Cc: hotz@jpl.nasa.gov, certid@ietf.org, ietf@ietf.org, tls@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Sep 2010 18:15:15 -0000

Marsh Ray wrote:
> 
> Martin Rex wrote:
> >
> > Thinking about it, I feel slightly uneasy about some redirects, such as
> > https://gmail.com  ->  301 ->   https://mail.google.com/mail
> >
> > I think these should never go without a warning.
> 
> That bugs me too. Lots of sites do it though, usually with Javascript.
> 
> > If my banks online-banking portal (https://www.<mybank>.de)
> > would suddently redirect me to https://www.<mybank>.com before
> > asking me for credentials and transaction authorization codes,
> > that would be a real security problem, because www.<mybank>.com
> > is not leased by my bank (it is apparently not currently leased to anyone)
> > 
> > A hacker that breaks into a web-site in order to do trap
> > victims
> 
> The site is now 100% (to use the technical term) "pwned".
> 
> It's not possible for a network security protocol to survive the 
> compromise of one of the endpoints. We can no longer reason about Alice 
> and Bob if Bob is allowed to be under the hypnotic control of Eve.

True.   I used the wrong words in what I was trying to say.

There is definitely little that you can do about a full compromise of
the real server.

But blindly trusting browsers may easily turn seemingly small security
vulnerability (every XSS, CSRF, content upload), that enables diverting
a victim to the attackers own server seamlessly, close to equivalent to
a full compromise of the real server for the purpose of capturing
sensible or confidential information from the victim.

-Martin

v2.23.0 | Report a Bug | By Email