[Cryptography] client certificates / client-side proxy

Bear bear at sonic.net
Wed May 28 18:20:02 EDT 2014


On Tue, 2014-05-27 at 16:40 -0700, John Gilmore wrote:
> > Good security design is compartmental.  We should be 
> > writing software that has strictly defined information
> > inputs and outputs, and does specific, narrow things 
> > with them.  Ideally, most of the "sensitive" pieces 
> > should start, run, and exit without ever putting up 
> > any UI. 
> > 
> > A client-side proxy is a much better idea in the first 
> > place than a plugin, because a client-side proxy has 
> > much more narrowly defined information input and output 
> > and a much more well-defined job to do.  Its design need
> > not be warped by conforming to conventions or standards 
> > driven by non-security considerations. 
> 
> I'm confused.  What's the difference between a "client-side proxy"
> versus a "wifi access point that hijacks the first web access" versus
> a "man in the middle"?
> 
> It seems to me that a client-side proxy has a broad scope for
> mischief, since by definition all the browser's traffic has to go
> through it.  

Its broad scope for mischief is much better defined 
and monitorable than the broad scope for mischief of a 
plugin.  

If you want security, IMO, you want simple components that 
each do one thing, work with publicly specified interfaces, 
and minimize 'implicit' ways for information to be 
passed between them.  If something isn't in the HTTP stream, 
then a proxy isn't where it can see that thing.

OTOH, a plugin can see browser settings, browser history, 
cookies, and probably contacts and appointments and your 
mail and news preferences depending on how many other 
plugins you've got and how they're configured.  With a 
plugin you have to secure every bit of that additional 
stuff against it, AND everything in the HTTP stream as 
well.  With a proxy you just have to secure the HTTP 
stream.  

Further, a plugin has a much more complicated life.  It has
to coexist with an unknown number of other plugins, many of
which will appear in combinations it's never been tested with
and which may be doing other things with whatever it's trying
to secure (or whatever it's trying to steal, depending on 
who wrote the plugin and why). 
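
To make the "only the HTTP stream" argument concrete, here is an added 
example in Python, written for this page and not code from the post or 
from any proxy or plugin the thread discusses. It is the narrow front 
half of a client-side HTTP proxy: a strict parser for what the browser 
sends to the proxy port, and a rewriter that produces the request for 
the origin server, dropping the proxy-addressed and hop-by-hop headers 
that must not leave this hop. Everything the component can act on is 
visible in its two function signatures; browser state that is not in 
the stream never reaches it. The host example.test, the sample request, 
and the deliberately limited grammar (absolute-form http:// targets 
only, no CONNECT, no chunked bodies) are assumptions made for the 
illustration.

```python
# Added illustration (not from the post): the only input this proxy component
# ever sees is the raw bytes the browser sends it, and its only output is the
# rewritten request for the origin. Nothing outside the HTTP stream reaches it.
import re
from urllib.parse import urlsplit

# Token characters for methods and header names (RFC 7230, section 3.2.6).
_TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
# Hop-by-hop and proxy-addressed headers (RFC 7230, section 6.1); never forwarded.
_HOP_BY_HOP = {b"connection", b"keep-alive", b"proxy-authenticate",
               b"proxy-authorization", b"proxy-connection", b"te",
               b"trailer", b"transfer-encoding", b"upgrade"}


class BadRequest(ValueError):
    """Input outside the narrow accepted grammar is refused, not guessed at."""


def parse_request(raw):
    """Parse one complete HTTP/1.x request; return
    (method, target, version, [(lowercased name, value), ...], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("request head not terminated by CRLF CRLF")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not _TOKEN.match(parts[0]):
        raise BadRequest("malformed request line")
    method, target, version = parts
    if version not in (b"HTTP/1.0", b"HTTP/1.1"):
        raise BadRequest("unsupported HTTP version")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Rejects empty names, obsolete line folding and non-token characters.
        if not colon or not _TOKEN.match(name):
            raise BadRequest("malformed header field")
        headers.append((name.lower(), value.strip(b" \t")))
    # Chunked bodies are out of scope; refusing Transfer-Encoding outright also
    # removes the CL/TE ambiguity that request smuggling relies on.
    if any(n == b"transfer-encoding" for n, _ in headers):
        raise BadRequest("Transfer-Encoding is not accepted")
    lengths = {v for n, v in headers if n == b"content-length"}
    if len(lengths) > 1:
        raise BadRequest("conflicting Content-Length values")
    if lengths:
        length = lengths.pop()
        if not length.isdigit() or len(body) != int(length):
            raise BadRequest("body does not match Content-Length")
    elif body:
        raise BadRequest("unexpected bytes after request head")
    return method, target, version, headers, body


def build_origin_request(method, target, version, headers, body):
    """Rewrite a proxy-form request into (host, port, bytes for the origin).
    Only the parsed fields are consulted; there is no other channel in."""
    if method == b"CONNECT":
        raise BadRequest("CONNECT tunnelling is out of scope here")
    try:
        url = urlsplit(target.decode("ascii"))
        port = url.port or 80  # .port raises ValueError on a non-numeric port
    except ValueError as exc:
        raise BadRequest("unparseable request target") from exc
    if url.scheme != "http" or not url.hostname or url.username is not None:
        raise BadRequest("only absolute-form http://host/path targets accepted")
    path = (url.path or "/") + ("?" + url.query if url.query else "")
    # Headers named in Connection are hop-by-hop for this hop as well.
    drop = set(_HOP_BY_HOP)
    for name, value in headers:
        if name == b"connection":
            drop.update(v.strip(b" \t").lower() for v in value.split(b","))
    out = [b"%s %s %s" % (method, path.encode("ascii"), version),
           b"Host: %s" % url.netloc.encode("ascii")]
    out += [name + b": " + value for name, value in headers
            if name not in drop and name != b"host"]
    out.append(b"Connection: close")
    return url.hostname, port, b"\r\n".join(out) + b"\r\n\r\n" + body


# Constructed sample of what a browser sends to a configured HTTP proxy.
SAMPLE = (b"GET http://example.test/login?next=/ HTTP/1.1\r\n"
          b"Host: example.test\r\n"
          b"Proxy-Connection: keep-alive\r\n"
          b"Proxy-Authorization: Basic dXNlcjpwYXNz\r\n"
          b"Cookie: session=abc123\r\n"
          b"Accept: text/html\r\n\r\n")

if __name__ == "__main__":
    host, port, wire = build_origin_request(*parse_request(SAMPLE))
    print("connect to %s:%d and send:\n%s" % (host, port, wire.decode("ascii")))
```

Running the file parses SAMPLE and prints the outbound request with the 
Proxy-Authorization and Proxy-Connection headers gone and Host taken from 
the request target. Feeding it a request with two Content-Length headers, 
or Transfer-Encoding alongside Content-Length, raises BadRequest instead 
of forwarding an ambiguous message, which is the case a permissive proxy 
gets wrong. Header names are emitted lowercased; HTTP treats them 
case-insensitively.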