List: kde-bugs-dist
Subject: [Bug 149436] New: konqueror should default to permanently accepting
From: Stefanos Harhalakis <v13 () priest ! com>
Date: 2007-08-31 16:47:45
Message-ID: 20070831184740.149436.v13 () priest ! com
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=149436
Summary: konqueror should default to permanently accepting invalid certificates
Product: konqueror
Version: unspecified
Platform: unspecified
OS/Version: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: general
AssignedTo: konq-bugs kde org
ReportedBy: v13 priest com
Version: 3.5.7 (using KDE 3.5.7, Debian Package 4:3.5.7.dfsg.1-1 (lenny/sid))
Compiler: Target: i486-linux-gnu
OS: Linux (i686) release 2.6.22-v2-v
I'm filing this as a 'bug' since it is security related.
Please read:
http://groups.google.com/group/mozilla.dev.security/browse_frm/thread/b3caff5eeab499d3/2252211f72247176
It is a request I sent yesterday to firefox developers. I'm also pasting it here:
------
Hello there,
As you already know (:-)), when firefox visits an SSL enabled site and gets a certificate that cannot be verified, it asks the user about the action it should take. The current actions are: Accept Permanently (#1), Accept for Session (#2), Don't Accept (#3), having #2 as the preselected option.
I believe that this (option #2) is the most insecure of all. Let me explain my thoughts:
* If the user rejects the certificate then there can be no harm
* If the user accepts the certificate permanently:
  * The certificate may be valid and thus he will be protected for all future sessions, because a fake certificate will not match the already accepted one.
  * The certificate may be fake (man in the middle). If it is fake, the user most probably will find it out when he will try to visit the site at another moment in the future, when there will be no mitm attack taking place. Firefox will warn then about the wrong certificate and the user will be alerted.
* If the user accepts the certificate permanently, it is like drawing a lot. A user that visits an https-powered webmail site 4-10 times a day just increases the possibility of a mitm attack to succeed.
Of course you'd ask 'who visits a site so often and does not accept the certificate permanently'. Well, my experience shows that there are many such people (I work as a sysadmin in a University).
So I suggest (and kindly ask) you to:
a) Change the default option to #1 or #3
b) Discourage people from selecting #2 (even display a warning box)
c) Perhaps implement an aging (cache expiring) method to delete very old certificates and possibly add an option 'remember for 1 year', where each new visit will reset the countdown timer.
All of these could be accompanied with a more alerting dialog box to be shown when there is a certificate mismatch.
Best regards,
Harhalakis Stefanos
------
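The reasoning in the message above, as an added example that is not part of the original post and not Konqueror or Firefox code: a hypothetical exception store that remembers a permanently accepted certificate by fingerprint, forgets session-only acceptances, and ages entries out after a year without a visit. The class, function and host names and the certificate bytes are constructed for illustration.

```python
import hashlib

YEAR = 365 * 24 * 3600  # lifetime for the "remember for 1 year" idea in (c)

class ExceptionStore:
    """Hypothetical store of certificates the user chose to accept."""

    def __init__(self):
        self.permanent = {}  # host -> (fingerprint, time of last visit)
        self.session = {}    # host -> fingerprint, dropped at end of session

    @staticmethod
    def fingerprint(cert_der):
        return hashlib.sha256(cert_der).hexdigest()

    def accept(self, host, cert_der, permanently, now):
        fp = self.fingerprint(cert_der)
        if permanently:
            self.permanent[host] = (fp, now)
        else:
            self.session[host] = fp

    def end_session(self):
        self.session.clear()

    def check(self, host, cert_der, now):
        """Return 'ok', 'mismatch' (alert the user) or 'prompt' (no memory)."""
        fp = self.fingerprint(cert_der)
        pinned = self.permanent.get(host)
        if pinned and now - pinned[1] > YEAR:
            del self.permanent[host]  # aged out: not visited for over a year
            pinned = None
        if pinned:
            if pinned[0] != fp:
                return "mismatch"
            self.permanent[host] = (fp, now)  # each visit resets the countdown
            return "ok"
        if host in self.session:
            return "ok" if self.session[host] == fp else "mismatch"
        return "prompt"

def later_visit(permanently, cert_seen_later):
    """Accept a certificate once, restart the browser, then visit again."""
    store = ExceptionStore()
    store.accept("webmail.example", b"constructed-cert-A", permanently, now=0)
    store.end_session()
    return store.check("webmail.example", cert_seen_later, now=3600)
```

A 'prompt' result means the store has nothing to compare the presented certificate against, so the user sees the same dialog as on a first visit; a 'mismatch' result is the case where a louder warning can be shown.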