On 24/2/09 00:20, Gervase Markham wrote:
> On 19/02/09 17:36, Ian G wrote:
>> 1. He has clearly laid out the trap of negative versus positive
>> feedback, and explained why Firefox 3 UI changes make the result less
>> secure than Ff2.
>
> You'll need to elaborate on what you are saying here, because the way I
> read it, he _hates_ the new FF3 security error pages, and will do
> anything to avoid them. That looks like a win to me.


Recognising that this is an old debate, and etc etc, I thought myself it was clear enough.

The negative response from FF3 is now so fierce that the attacker prefers not to trigger it. Yes, this is "a win" on paper.

The point that is made is that the "positive response" is so weak that it doesn't support the overall effect; the attacker just prefers to trick the user using HTTP and some favicons or other simple symbols. And (so the author claims) gets away with it easily enough, because there is no "positive response" that is worth much these days.



He lays out the trap, but reasonable people can differ as to whether the trap has closed, and whether it really hurts us.

Probably, we could see this as more of a killer issue if an ordinary sysadmin or an ordinary developer thought the "FF3 negative response" was so fierce that they also preferred to stick to HTTP.

Such, if it happened, would then be a failure of security; the principle here is that "the first requirement of security is usability." This is easily shown: If the usability goes down, users drop the system's security, and they then don't get security. Overall delivered security goes down, and this tends to dominate theoretical or cryptographic security.

However, this is theorising; there is no evidence that this is happening.



iang

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
