[Cryptography] client certificates / client-side proxy
Bear
bear at sonic.net
Wed May 28 18:20:02 EDT 2014
On Tue, 2014-05-27 at 16:40 -0700, John Gilmore wrote:
> > Good security design is compartmental. We should be
> > writing software that has strictly defined information
> > inputs and outputs, and does specific, narrow things
> > with them. Ideally, most of the "sensitive" pieces
> > should start, run, and exit without ever putting up
> > any UI.
> >
> > A client-side proxy is a much better idea in the first
> > place than a plugin, because a client-side proxy has
> > much more narrowly defined information input and output
> > and a much more well-defined job to do. Its design need
> > not be warped by conforming to conventions or standards
> > driven by non-security considerations.
>
> I'm confused. What's the difference between a "client-side proxy"
> versus a "wifi access point that hijacks the first web access" versus
> a "man in the middle"?
>
> It seems to me that a client-side proxy has a broad scope for
> mischief, since by definition all the browser's traffic has to go
> through it.
Its broad scope for mischief is much more well-defined
and monitorable than the broad scope for mischief of a
plugin.

If you want security, IMO, you want simple components that
each do one thing, work with publicly specified interfaces,
and minimize 'implicit' ways for information to be
passed between them. If something isn't in the HTTP stream,
then a proxy isn't where it can see that thing.

OTOH, a plugin can see browser settings, browser history,
cookies, and probably contacts and appointments and your
mail and news preferences depending on how many other
plugins you've got and how they're configured. With a
plugin you have to secure every bit of that additional
stuff against it, AND everything in the HTTP stream as
well. With a proxy you just have to secure the HTTP
stream.

Further, a plugin has a much more complicated life. It has
to coexist with an unknown number of other plugins, many of
which will appear in combinations it's never been tested with
and which may be doing other things with whatever it's trying
to secure (or whatever it's trying to steal, depending on
who wrote the plugin and why).
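The design argument above (a proxy's entire interface is the HTTP stream, so its behaviour can be specified and watched at one point) is easier to see in code. What follows is an added example written for this page, not code from the poster or from any project discussed in the thread: a minimal client-side forward proxy in Python whose whole decision surface is one pure function, `policy()`, over the parsed request head, with one audit line per request. The host allowlist, the listen address and the set of stripped hop-by-hop headers are assumptions chosen for the example; a real deployment would load them from configuration.

```python
"""Minimal auditable client-side HTTP forward proxy (added example).

Everything the proxy decides is a function of the request head it
receives on the wire; there is no other input, and each decision is
logged. One request per client connection (no keep-alive) keeps the
relay logic short.
"""
import socket
import threading
from urllib.parse import urlsplit

# Assumptions for the example: a site allowlist and the proxy's bind address.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
LISTEN = ("127.0.0.1", 8080)
# Hop-by-hop headers that belong to the proxy and are never forwarded upstream.
STRIP_HEADERS = {"proxy-authorization", "proxy-connection"}


def parse_request_head(head: bytes):
    """Split an HTTP/1.x request head into (method, target, version, headers)."""
    lines = head.decode("latin-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        if not line:
            break
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, target, version, headers


def policy(method, target, headers):
    """The proxy's entire decision surface, as a pure function.

    Returns (allow, host, port, forwarded_headers, reason). Because the
    only inputs are method, target and headers, the policy can be reviewed
    and unit-tested without running the proxy at all.
    """
    if method == "CONNECT":
        host, _, port = target.partition(":")
        host, port = host.lower(), int(port or 443)
    else:
        u = urlsplit(target)
        if u.scheme != "http" or not u.hostname:
            return False, None, None, [], "non-absolute or non-http target"
        host, port = u.hostname, u.port or 80
    if host not in ALLOWED_HOSTS:
        return False, host, port, [], "host not in allowlist"
    kept = [(n, v) for n, v in headers if n.lower() not in STRIP_HEADERS]
    return True, host, port, kept, "ok"


def pipe(src, dst):
    """Copy bytes one way until EOF, then tear down both sockets."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass


def handle(client):
    """Read one request head, apply policy, and relay or refuse."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = client.recv(4096)
        if not chunk:
            client.close()
            return
        buf += chunk
    head, _, rest = buf.partition(b"\r\n\r\n")
    method, target, version, headers = parse_request_head(head)
    allow, host, port, kept, reason = policy(method, target, headers)
    print(f"AUDIT {method} {target} -> {reason}")  # the single monitoring point
    if not allow:
        client.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")
        client.close()
        return
    upstream = socket.create_connection((host, port))
    if method == "CONNECT":
        client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
        if rest:
            upstream.sendall(rest)  # bytes that arrived after the head (e.g. TLS ClientHello)
    else:
        u = urlsplit(target)
        origin_form = (u.path or "/") + (("?" + u.query) if u.query else "")
        line = f"{method} {origin_form} {version}\r\n"
        hdrs = "".join(f"{n}: {v}\r\n" for n, v in kept)
        upstream.sendall((line + hdrs + "\r\n").encode("latin-1") + rest)
    for a, b in ((client, upstream), (upstream, client)):
        threading.Thread(target=pipe, args=(a, b), daemon=True).start()


def serve(bind=LISTEN):
    """Accept loop; one thread per client connection."""
    with socket.create_server(bind) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Point a browser's HTTP proxy setting at 127.0.0.1:8080 and every request either appears in the audit output or never leaves the machine. The part worth auditing is `policy()`: it takes only what is on the wire, which is exactly the narrowness the post argues a proxy has and a plugin does not.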