RE: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques] from Mary Ellen Zurko on 2008-01-08 (public-wsc-wg@w3.org from January 2008)

From: Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Date: Tue, 8 Jan 2008 12:22:33 -0500
To: tyler.close@hp.com
Cc: "public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Message-ID: <OF7D4E2665.65A23BBC-ON852573CA.005F37F2-852573CA.005F7384@LocalDomain>
It's working through viable deployable patterns for the infrastructure 
behind it that has me doubtful (not the coding in the user agent, which, 
as you rightly point out, is quite modest). 

Is there enough infrastructure bits lying about for this? Is there place 
to put a mailto: url that could be used, for example? Just what would it 
be associated with? 

          Mez





From:
"Close, Tyler J." <tyler.close@hp.com>
To:
Mary Ellen Zurko <Mary_Ellen_Zurko@notesdev.ibm.com>
Cc:
"public-wsc-wg@w3.org" <public-wsc-wg@w3.org>
Date:
01/07/2008 06:36 PM
Subject:
RE: ISSUE-127: Safe Form Bar: Separate MITM handling? [Techniques]


There's a chicken and egg problem here. If the browser  provides the hook, 
then maybe the service will be developed. If the browser  doesn't provide 
the hook, then we're stuck with the pitiful options we have now.  It's not 
like it's such an incredible implementation burden, that we need to ensure 
a browser can be "conditionally compliant" without it. It's one 
configuration option and another button in a rarely seen dialog if the 
option is set.
 
--Tyler


From: Mary Ellen Zurko  [mailto:Mary_Ellen_Zurko@notesdev.ibm.com] 
Sent: Monday, January  07, 2008 3:17 PM
To: Close, Tyler J.
Cc: public-wsc-wg@w3.org
Subject: RE: ISSUE-127: Safe Form Bar: Separate  MITM handling? 
[Techniques]


>From my point of view, because we  don't have an alert service that's 
useful. That's why I was OK with MAY. I get  that it would be a nice thing 
to have. But the infrastructure doesn't exist to  make it work often 
enough for a SHOULD. 

          Mez





From: 
"Close, Tyler J."  <tyler.close@hp.com> 
To: 
Mary Ellen Zurko  <Mary_Ellen_Zurko@notesdev.ibm.com>, 
"public-wsc-wg@w3.org"  <public-wsc-wg@w3.org> 
Date: 
01/07/2008 06:11 PM 
Subject: 
RE: ISSUE-127: Safe Form Bar: Separate  MITM handling? [Techniques]




The text of ISSUE-160 includes the  statement:

"I'm still not buying the  notification stuff. MAY at best."

I  understand there are other points bundled up in ISSUE-160, but I'ld 
like to  get some more details on this particular point. Why exactly is 
offering  notification a problem?

I actually had a  whole series of relevant experiences with the internal 
intranet at work this  morning. Here's a story for ISSUE-160. I clicked a 
hyperlink to an intranet  web service I use once in a while. It's 
certificate chain is rooted at one of  the custom CAs used here. Normally, 
these custom CA certificates are  auto-magically distributed to our 
desktops by the same software that does  security updates. For some 
reason, this web service has changed certificate  chains and is now using 
a CA cert that I don't yet have. I don't want to click  through the cert 
warning to the service because that will reveal my  username/password, 
which are kept in a cookie. So I can't find out who to  complain to by 
looking at the hosted web pages. Wouldn't it be nice if the  software 
which updates my browser's CA list could also configure a URL to be pinged 
when I encounter such a potential MITM attack. That way the dialog  shown 
by the browser could offer me a nice button to click: "get someone else to 
deal with this problem". Instead, the button it offers me is "click here 
to  ignore this MITM attack and turn over your password to some random 
computer on  the intranet".

--Tyler

--
[1] "Web Security  Context: Experience, Indicators, and Trust" 
<http://www.w3.org/2006/WSC/drafts/rec/#safebar-mitm>

________________________________

From: public-wsc-wg-request@w3.org [mailto:public-wsc-wg-request@w3.org] 
On Behalf Of Mary Ellen Zurko
Sent: Friday, January 04, 2008 6:59 AM
To:  public-wsc-wg@w3.org
Subject: Re: ISSUE-127: Safe Form Bar: Separate MITM  handling? 
[Techniques] 



ISSUE-160  makes the same basic proposal, perhaps for the same basic 
reasons, but I'm  leaving both open and cross referenced, in case the 
resolutions of the  underlying issues turn out to be different.

I agree that there should be only one place this is discussed. And from 
the logic of the document, it is in other places. If there is something in 
 section 7 that should inform those other places, proposals for changes to 
 those other places should be made. I'll give other folks a little more 
time on  this issue to discuss, then do a straw poll of any concrete 
proposals on the  table (so far there is one, to remove 7.9, but I'm 
certain there could be  others that respond to the issues raised).

http://www.w3.org/2006/WSC/track/issues/127 <
http://www.w3.org/2006/WSC/track/issues/127>
http://www.w3.org/2006/WSC/track/issues/160 <
http://www.w3.org/2006/WSC/track/issues/160> 

Mez
Received on Tuesday, 8 January 2008 17:22:58 UTC