[Cryptography] client certificates / client-side proxy

Phillip Hallam-Baker phill at hallambaker.com
Wed May 28 08:42:12 EDT 2014


On Tue, May 27, 2014 at 7:40 PM, John Gilmore <gnu at toad.com> wrote:
>> Good security design is compartmental.  We should be
>> writing software that has strictly defined information
>> inputs and outputs, and does specific, narrow things
>> with them.  Ideally, most of the "sensitive" pieces
>> should start, run, and exit without ever putting up
>> any UI.
>>
>> A client-side proxy is a much better idea in the first
>> place than a plugin, because a client-side proxy has
>> much more narrowly defined information input and output
>> and a much more well-defined job to do.  Its design need
>> not be warped by conforming to conventions or standards
>> driven by non-security considerations.
>
> I'm confused.  What's the difference between a "client-side proxy"
> versus a "wifi access point that hijacks the first web access" versus
> a "man in the middle"?
>
> It seems to me that a client-side proxy has a broad scope for
> mischief, since by definition all the browser's traffic has to go
> through it.  To the extent that it has ANY user interface, it has to
> ALTER the received HTML in order to present information to the user,
> or solicit information from the user.  This is not a recipe for either
> good UI design or end-to-end security.

A client-side proxy is better than a plug-in in the same way that
having a root canal is better than having your eyes gouged out with
hot pincers.

Better does not mean 'good'.

The problem with plug-ins is that they don't compose and they aren't
maintainable. They are a fine platform for testing and
experimentation. They are a lousy long-term solution unless backed by
a huge developer team. Google Toolbar is probably the exception that
proves the rule.


What using a proxy does force is a frictionless user interface. I am
using a proxy in my mail encryption project because I want to prevent
any additional UI burden on the user.

There are far too many security proposals of the form 'if every Web
user does X every time they use the web we will be secure' not least
because X is often obscure and complicated and tedious. Even the
proposers of these schemes don't use them.

