Nelson B wrote:
> Unless the page that contains that link is an https page, to substitute a
> trojan, an attacker need only substitute his own URL for the original
> page's URL while the page is in transit. A proxy server is a perfect
> place to perform such an MITM attack. Http pages with login forms that
> submit their contents via https have the very same vulnerability.

You are correct. Link Fingerprints is a way to validate a download from an untrusted source, when you start with a reference from a trusted source. If the original source is not trusted, then the system does not provide complete protection. It still provides some protection, because hacking the download box and then doing an MITM on the downloader is harder than just hacking the download box alone. Note that also, for the alarm not to be raised, you would need to MITM _every_ downloader.

However, I will make it more clear in the spec that the original URL has to be provided from a trusted source.

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
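
The trust boundary discussed in this thread, as an added example that is not part of the original messages or of the Link Fingerprints spec: a hash carried in the link detects a tampered download only when the link itself arrived intact. The `#!algo!hexdigest` fragment syntax, the function names, the hosts and the byte strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

ALGORITHMS = {"sha256": hashlib.sha256, "sha1": hashlib.sha1, "md5": hashlib.md5}

def make_link(url, payload, algo="sha256"):
    """Build a fingerprinted link (assumed syntax: url#!algo!hexdigest)."""
    return f"{url}#!{algo}!{ALGORITHMS[algo](payload).hexdigest()}"

def verify_download(link, payload):
    """True only if payload matches the fingerprint carried in the link."""
    parts = urlsplit(link).fragment.split("!")
    if len(parts) != 3 or parts[0] != "" or parts[1] not in ALGORITHMS:
        return False  # no usable fingerprint: treat the download as unverified
    digest = ALGORITHMS[parts[1]](payload).hexdigest()
    return hmac.compare_digest(digest, parts[2].lower())

def is_trustworthy(page_scheme, link, payload):
    """The hash check only means something if the page that carried the
    link was itself delivered over an authenticated channel."""
    return page_scheme == "https" and verify_download(link, payload)

# Constructed sample data.
GENUINE = b"genuine installer bytes (constructed)"
TAMPERED = b"substituted bytes (constructed)"
PUBLISHED = make_link("http://downloads.example/app.bin", GENUINE)
# What a reader sees if the referring page was altered in transit.
REWRITTEN = make_link("http://other.example/app.bin", TAMPERED)

if __name__ == "__main__":
    # Download host compromised, link intact: mismatch is detected.
    print("tampered file, intact link :", verify_download(PUBLISHED, TAMPERED))
    # Link replaced on an http page: the hash matches the substituted file.
    print("tampered file, rewritten link:", verify_download(REWRITTEN, TAMPERED))
    # Requiring an authenticated referring page closes that gap.
    print("same, page must be https   :", is_trustworthy("http", REWRITTEN, TAMPERED))
    print("genuine file, https page   :", is_trustworthy("https", PUBLISHED, GENUINE))
```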