Client Certificate UI for Chrome?

Jerry Leichter leichter at lrw.com
Mon Sep 7 08:58:10 EDT 2009 

On Sep 3, 2009, at 12:26 AM, Peter Gutmann wrote:
>> This returns us to the previously-unsolved UI problem: how -- with  
>> today's
>> users, and with something more or less like today's browsers since  
>> that's
>> what today's users know -- can a spoof-proof password prompt be  
>> presented?
>
> Good enough to satisfy security geeks, no, because no measure you  
> take will
> ever be good enough.  However if you want something that's good  
> enough for
> most purposes then Camino has been doing something pretty close to  
> this since
> it was first released (I'm not aware of any other browser that's  
> even tried).
> When you're asked for credentials, the dialog rolls down out of the  
> browser
> title bar in a hard-to-describe scrolling motion a bit like a  
> supermarket till printout....
I'm not sure what version of Camino you're running.  The most recent  
versions use a standard Mac OS GUI element to prompt for passwords -  
it's indistinguishable from what you get from Safari.  In both cases,  
a special prompt window scrolls down out of the chrome, covering some  
of the main body of the window.  It has a distinctive look:  After  
it's scrolled down, it appears to be "under" the chrome but over the  
top of the body.  In Safari - I didn't experiment with Camino - it's  
physically tied to the browser window, moving and iconifying with it,  
and is fully modal at the window level - you can't switch to another  
tab in the same window.  (Curiously, you *can* switch to a different  
window.)  The "loading" indicator in the address bar remains active  
while you're being prompted.  The *intent* is clearly to create  
something hard to spoof, but I don't know enough Flash to say if one  
could produce an accurate, or even plausible, fake.  (Of course,  
*most* passwords on the Web are entered into some random web page.  A  
distinctive secure prompt that only appears in a minority of cases  
doesn't help much.)

The most common MacOS password prompts are from the keychain program,  
since you typically store your passwords there.  (There are  
configurations in which it just asks for permission, not for a  
password; and configurations in which it just sends the password.  But  
if you want to be careful, you only want keychains unlocked when you  
intend to use them.)  Since *any* program - including programs with no  
visible GUI - can use keychains, these prompts are necessarily stand- 
alone windows at least sometimes (and for uniformity, they are so all  
the time).  Those could be spoofed more easily (though if you're  
really cautious, you can unlock the necessary keychain by hand ahead  
of time and arrange to just give permission to use the entry later, so  
you're never entering your password into a window that just pops up on  
its own).

                                                         -- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list