I would like to propose that someone could implement an addon for
Mozilla applications with the following functionality:
- it comes with a list of several hundred known major services,
including https and email servers.
- if the user gets a certificate error on one of the
major sites, we check whether the user's system is able
to generate a trusted report.
- in order to generate a trusted report,
all trust settings for the list of Mozilla's built-in
CA certificates must be untouched
- the previous bullet is a simplification.
It's more difficult to come up
with a general mechanism if users use their own trust settings.
(As an option, if the user runs into a potential MITM situation,
the addon could propose that the user uses a separate application
profile with default settings for the purpose of
creating the report.)
- in order to generate a trusted report,
the user must own a personal certificate issued by one of the
CAs trusted by Mozilla software.
(If a person is willing to buy a personal certificate
that involves checking the identity of the person (class 2 ?),
the person's reports have increased credibility.)
- if the above preconditions are met,
then the addon can prompt the user, and offer the user
to create a report.
- the report will include the certificate presented by the site
- we can try to automatically create a "traceroute" from the user's
IP to the site, and include it in the report.
- the addon could automatically probe the list of major sites,
in order to identify other sites that are part of the potential
MITM attack.
For each site with a non-trusted cert, the add-on could include
that site in the report, too.
- the addon would create a CMS signed message,
signed with the user's certificate
- the addon could upload the report to a server.
If access to the server is blocked, the add-on can save a copy
of the report on disk, so the user can submit the report at a later
time, when using a different Internet connection.
- the processing server could ignore any submissions that are not
correctly signed.
I am aware of addons like Certificate Patrol. I believe my proposal is
different, because it would allow a simple mechanism to create credible
reports.
If we had such an addon, then we could ask people who travel a lot to
install this add-on, and encourage them to submit reports.
It would be interesting to know how frequently people run into MITM.
Because of the requirement to sign the reports, we would be able to
easily ignore most spam.
Before publishing major findings, we could contact the reporter by email
and ask for confirmation of the report.
I got the inspiration for this proposal after I recently experienced a
MITM situation myself. I am in the lucky position that I have the
knowledge to investigate and manually create a report of such an
experience. Many others don't. It would be good if we enabled them to
create such reports, without the requirement of expert knowledge.
Kai
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
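The signing and acceptance flow sketched in the proposal (a personal certificate issued by a trusted CA, a report signed with it, a processing server that drops anything not correctly signed), as an added example in Go. This is not code from the original message, nor any Mozilla or add-on code. It simplifies the proposal in two labelled ways: the CMS SignedData envelope is replaced by a detached ECDSA signature over the JSON payload plus the reporter's DER certificate, and Mozilla's built-in CA list is modelled by a locally generated root. The type and function names, the report field layout and the sample report contents are assumptions constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// Report is what the add-on collects; the field layout is an assumption.
type Report struct {
	Site        string   `json:"site"`
	SiteCertPEM string   `json:"site_cert_pem"`         // certificate the site presented
	Traceroute  []string `json:"traceroute"`            // hops from the reporter to the site
	OtherSites  []string `json:"other_untrusted_sites"` // found by probing the major-site list
}

// SignedReport stands in for the proposal's CMS SignedData envelope: a detached
// ECDSA signature over the JSON payload plus the reporter's DER certificate.
type SignedReport struct{ Payload, Signature, SignerDER []byte }

// NewCert generates a P-256 key and a one-day certificate for it: a root when ca
// is true (standing in for a Mozilla built-in CA), otherwise an S/MIME-style
// personal certificate. issuer == nil makes it self-signed. Example-only serials.
func NewCert(name string, ca bool, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	if ca {
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage = true, true, x509.KeyUsageCertSign
	} else {
		tmpl.EmailAddresses, tmpl.KeyUsage = []string{name}, x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
	}
	if issuer == nil {
		issuer, issuerKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// TrustedRoots is the server's trust store (Mozilla's built-in CA list, in reality).
func TrustedRoots(cas ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range cas {
		pool.AddCert(c)
	}
	return pool
}

// SignReport is the add-on side: serialize, hash, sign, attach the signer certificate.
func SignReport(r Report, cert *x509.Certificate, key *ecdsa.PrivateKey) (SignedReport, error) {
	payload, err := json.Marshal(r)
	if err != nil {
		return SignedReport{}, err
	}
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	return SignedReport{Payload: payload, Signature: sig, SignerDER: cert.Raw}, err
}

// VerifyReport is the processing server side. A submission is dropped when the
// signer certificate is unparseable, does not chain to a trusted CA as an e-mail
// (personal) certificate, or the signature does not match the payload.
func VerifyReport(sr SignedReport, roots *x509.CertPool) (Report, error) {
	signer, err := x509.ParseCertificate(sr.SignerDER)
	if err != nil {
		return Report{}, fmt.Errorf("bad signer certificate: %w", err)
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}}
	if _, err := signer.Verify(opts); err != nil {
		return Report{}, fmt.Errorf("signer not trusted: %w", err)
	}
	pub, ok := signer.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(sr.Payload)
	if !ok || !ecdsa.VerifyASN1(pub, digest[:], sr.Signature) {
		return Report{}, fmt.Errorf("signature does not verify under the signer certificate")
	}
	var r Report
	err = json.Unmarshal(sr.Payload, &r)
	return r, err
}
```

Usage: create a root with NewCert(name, true, nil, nil), put it in TrustedRoots, issue the reporter's personal certificate with NewCert(email, false, root, rootKey), then SignReport on the add-on side and VerifyReport on the server. The order of the server checks is the point: the signer certificate is chained to the trusted roots with the e-mail-protection usage before the signature is even looked at, so a self-signed reporter or one issued by a CA outside the trusted set is dropped before any report content is parsed, and a tampered payload fails on the signature check.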