
List:       kde-bugs-dist
Subject:    [Bug 149436] New: konqueror should default to permanently accepting
From:       Stefanos Harhalakis <v13 () priest ! com>
Date:       2007-08-31 16:47:45
Message-ID: 20070831184740.149436.v13 () priest ! com

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=149436         
           Summary: konqueror should default to permanently accepting
                    invalid certificates
           Product: konqueror
           Version: unspecified
          Platform: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: konq-bugs kde org
        ReportedBy: v13 priest com


Version:           3.5.7 (using KDE 3.5.7, Debian Package 4:3.5.7.dfsg.1-1 (lenny/sid))
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.22-v2-v

I'm filing this as a 'bug' since it is security related.

Please read:

http://groups.google.com/group/mozilla.dev.security/browse_frm/thread/b3caff5eeab499d3/2252211f72247176


It is a request I sent yesterday to firefox developers. I'm also pasting it here:

------
Hello there,

  As you already know (:-)) when firefox visits an SSL enabled site and gets a certificate that cannot be verified, it asks the user about the action it should take. The current actions are: Accept Permanently (#1), Accept for Session (#2), Don't Accept (#3), having #2 as the preselected option.

  I believe that this (option #2) is the most insecure of all. Let me explain my thoughts:

* If the user rejects the certificate then there can be no harm
* If the user accepts the certificate permanently:
  * The certificate may be valid and thus he will be protected for all future sessions, because a fake certificate will not match the already accepted one.
  * The certificate may be fake (man in the middle). If it is fake, the user most probably will find it out when he will try to visit the site at another moment in the future, when there will be no mitm attack taking place. Firefox will warn then about the wrong certificate and the user will be alerted.

* If the user accepts the certificate permanently, it is like drawing a lot. A user that visits an https-powered webmail site 4-10 times a day just increases the possibility of a mitm attack to succeed.

  Of course you'd ask 'who visits a site so often and does not accept the certificate permanently'. Well, my experience shows that there are many such people (I work as a sysadmin in a University).

  So I suggest (and kindly ask) you to:

a) Change the default option to #1 or #3
b) Discourage people from selecting #2 (even display a warning box)
c) Perhaps implement an aging (cache expiring) method to delete very old certificates and possibly add an option 'remember for 1 year', where each new visit will reset the countdown timer.

  All of these could be accompanied with a more alerting dialog box to be shown when there is a certificate mismatch.

Best regards,
Harhalakis Stefanos
------
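
The pin-and-compare behaviour the message argues for, together with the aging from suggestion (c), as an added sketch that is not part of the original message and is not Konqueror or Firefox code. The class, function names, host name and certificate bytes are constructed for illustration.

```python
import hashlib

DAY = 24 * 3600
YEAR = 365 * DAY            # suggestion (c): "remember for 1 year"
HOST = "webmail.example"    # constructed host name
GENUINE = b"constructed genuine certificate bytes"
FORGED = b"constructed man-in-the-middle certificate bytes"


class PinStore:
    """Hypothetical store of permanently accepted, unverifiable certificates."""

    def __init__(self, ttl=YEAR):
        self.ttl = ttl
        self.pins = {}      # host -> (sha256 fingerprint, last_seen timestamp)

    def accept_permanently(self, host, cert, now):
        self.pins[host] = (hashlib.sha256(cert).hexdigest(), now)

    def check(self, host, cert, now):
        """Classify a certificate that failed normal verification."""
        entry = self.pins.get(host)
        if entry and now - entry[1] > self.ttl:
            del self.pins[host]          # aged out: treated as never seen
            entry = None
        if entry is None:
            return "unknown"             # user is asked (#1 / #2 / #3)
        fingerprint = hashlib.sha256(cert).hexdigest()
        if entry[0] != fingerprint:
            return "mismatch"            # differs from the accepted one: alert
        self.pins[host] = (fingerprint, now)   # each visit resets the countdown
        return "match"


def simulate(visits, permanent):
    """visits: list of (timestamp, cert). Returns what the browser sees per visit.

    permanent=False models 'accept for session': nothing is stored, so every
    new session starts from the same unverifiable-certificate prompt.
    """
    store, seen = PinStore(), []
    for now, cert in visits:
        result = store.check(HOST, cert, now)
        if result == "unknown" and permanent:
            store.accept_permanently(HOST, cert, now)
        seen.append(result)
    return seen
```

With per-session acceptance every visit, forged or genuine, produces the same "unknown" prompt; with permanent acceptance the one visit whose certificate differs from the stored one is the only visit that raises "mismatch".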

