Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2

[Michal Zalewski <lcamtuf () dione cc>]

On Tue, 20 Nov 2007, Kapetanakis Giannis wrote:

> I would consider this a feature of the X509 standard and not a bug.

The behavior is remarkably counterintuitive. It could be reasonably
expected for the browser to properly communicate the situation (show a
list of aliases) to the user, or better yet, to initially bind non-trusted
certs to their originating domain only, at least until an explicit desire
to extend their authority is expressed by the user.

What the standard says is immaterial - it is not expected to anticipate
that we might live in an world where scores of low-budget, non-sensitive
sites use self-signed certs - but it's unreasonable to expect any user to
refrain from visiting some page *at all* just because of a certificate
warning (he should be wary of the content therein, of course, but so
what).

If any attempt to visit such a page bears an inherent, undisclosed risk -
other than the page itself possibly being bogus, of course - there's a bug
to be fixed.

> If a user is fool enough to accept lame certs (even temporary) and then
> later on send his private data in secure sites without checking the
> certificate (at least the CN which yells the difference) then he
> probably asked for it.

The Web is used by close to a billion people who do not necessarily check
the details of SSL certs, or inspect all HTTP headers, on *every single*
login to their webmail or online banking site.

We may perhaps blame them if they click through clear and concise security
warnings, or subvert other measures, and willingly consent to an
unnecessary risk - but when they rely on the expertise of browser vendors
to know that something is wrong, and get burned - well, it's not their
fault.

/mz