Gervase Markham wrote:
> Nelson B wrote:
>> Unless the page that contains that link is an https page, to substitute a
>> trojan, an attacker need only substitute his own URL for the original
>> page's URL while the page is in transit. A proxy server is a perfect
>> place to perform such an MITM attack. Http pages with login forms that
>> submit their contents via https have the very same vulnerability.
>
> You are correct.
>
> Link Fingerprints is a way to validate a download from an untrusted
> source, when you start with a reference from a trusted source. If the
> original source is not trusted, then the system does not provide complete
> protection.

One needs a trusted source AND a trusted channel to that source.

> It still provides some protection, because hacking the download box and
> then doing an MITM on the downloader is harder than just hacking the
> download box alone. Note that also, for the alarm not to be raised, you
> would need to MITM _every_ downloader.

The attacker may only wish to MITM one downloader, or a certain set of
downloaders (e.g. the users of his web proxy).

> However, I will make it more clear in the spec that the original URL has
> to be provided from a trusted source.

And through a trusted channel.

> Gerv

--
Nelson B

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
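
The trust-chain argument in this thread, as an added example that is not part of the original messages or of the Link Fingerprints spec: a fingerprint check catches a tampered download, still passes when the link itself was replaced on an unauthenticated page, and is therefore only honoured for links that arrived over https. The `#!sha256!<hex>` fragment syntax, the host names and the payloads are constructed assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample data: an in-memory "web" so the example runs offline.
GOOD = b"genuine installer bytes"
TROJAN = b"trojaned installer bytes"
MIRROR = "http://mirror.example/app.bin"
OTHER = "http://attacker.example/app.bin"
WEB = {MIRROR: GOOD, OTHER: TROJAN}
ALLOWED_ALGOS = {"sha256"}  # refuse weak or unknown digests named in the link

def make_link(url, payload):
    """Build a fingerprinted link (assumed '#!sha256!<hex>' fragment)."""
    return f"{url}#!sha256!{hashlib.sha256(payload).hexdigest()}"

def fingerprint_ok(link, site):
    """Fetch the link target from `site` and compare it with the link's digest."""
    parts = urlsplit(link)
    fields = parts.fragment.split("!")
    if len(fields) != 3 or fields[0] or fields[1] not in ALLOWED_ALGOS:
        return False
    body = site.get(parts._replace(fragment="").geturl())
    return body is not None and hashlib.new(fields[1], body).hexdigest() == fields[2]

def accept(link, page_url, site):
    """Honour the fingerprint only if the page carrying the link came over https,
    i.e. a trusted source AND a trusted channel to that source."""
    return urlsplit(page_url).scheme == "https" and fingerprint_ok(link, site)

def scenarios():
    link = make_link(MIRROR, GOOD)            # what the trusted page publishes
    swapped = make_link(OTHER, TROJAN)        # link replaced while page in transit
    hacked_mirror = {**WEB, MIRROR: TROJAN}   # download box compromised
    return {
        "clean download": fingerprint_ok(link, WEB),
        "mirror compromised": fingerprint_ok(link, hacked_mirror),
        "link swapped in transit": fingerprint_ok(swapped, WEB),
        "swapped link, http page": accept(swapped, "http://vendor.example/dl", WEB),
        "genuine link, http page": accept(link, "http://vendor.example/dl", WEB),
        "genuine link, https page": accept(link, "https://vendor.example/dl", WEB),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28s} -> {'accepted' if result else 'rejected'}")
```

The "link swapped in transit" case is accepted by the bare fingerprint check because the digest travels with the link, and the client cannot tell the genuine link from the swapped one on an http page, so `accept` rejects both.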