On 20/04/12 01:06 AM, helpcrypto helpcrypto wrote:
>> Since you typically need a bunch of calls in order to do something
>> "pkcs11-ish" you would annoy the user with tons of warning dialogs.
>
> False, just a warning to confirm the website can use the smartcard,
> and PIN/Password when needed.

Yes, technically that can be done. In code. But, security-model wise,
it cannot be done.

Think of phishing. We know that the average userbase is phished quite
successfully. Losses seem to run to many millions per year. Some
estimates ran to a billion a year, but it seems more likely to be around
100m a year.

Phishing is directly about the browser's warnings and interfaces
protecting the user from doing the "wrong thing" whatever that is.

And it failed. The browser explicitly directly positively failed to
protect the user from it, and we know that because the security model it
has is explicitly directly positively targeted to doing exactly that -
stop someone bad pretending to be someone good.

So, we can reasonably claim with a high degree of certainty - because we
have all the phishing history & losses to rely on - that when your
preferred design of a warning is put out there, the user will be phishable.

This is a pretty reliable statement. If you want to challenge the
above, you've kinda got to imagine that you can do better than Mozilla
or that phishing didn't happen or thieves are allergic to smart cards or ?

So, do you accept that? Warning means Phishing.

If you do ... then we can ask several questions.

How much value are you protecting? Are smart cards the right tool?
And, is Mozilla interested in exposing all smart cards to phishing?

Difficult questions :)

iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto