HTTPS mutual authentication alpha release - please test

cyphrpunk cyphrpunk at gmail.com
Thu Nov 3 18:00:06 EST 2005


On 11/3/05, Nick Owen <nowen at wikidsystems.com> wrote:
> cyphrpunk wrote:
> > On 10/31/05, Nick Owen <nowen at wikidsystems.com> wrote:
> >
> >>The system works this way: Each WiKID domain now can include a
> >>'registered URL' field and a hash that website's SSL certificate.  When
> >>a user wants to log onto a secure web site, they start the WiKID token
> >>and enter their PIN. The PIN is encrypted and sent to the WiKID server
> >>along with a one-time use AES key and the registered URL.  The server
> >>responds with a hash of the website's SSL certificate.  The token client
> >>fetches the SSL certificate of the website and compares it the hash.  If
> >>the hashes don't match, the user gets an error.  If they match, the user
> >>is presented with registered URL and the passcode.  On supported
> >>systems, the token client will launch the default browser to the
> >>registered URL.
> >
> >
> > What threat is this supposed to defend against? Is it phishing? I
> > don't see how it will help, if the bogus site has a valid certificate.
>
> Yes, phishing.  The token client isn't checking to see if the cert is
> valid, it's only checking to see if it's the same as the one that is on
> the WiKID authentication server.  The cert doesn't have to be valid or
> have the root CA in the browser.

But this would only help in the case that an old URL is used and a new
certificate appears, right? That's what would be necessary to get a
match in your database, pull down an old certificate, and find that it
doesn't match the new certificate.

Phishers don't do this. They don't send people to legitimate URLs
while somehow contriving to substitute their own bogus certificates.
They send people to wrong URLs that may have perfectly valid
certificates issued for them. I don't see how your system defends
against what phishers actually do.

CP

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list