From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: 343eb45639619a286961b0e88b2d15b1a4f4c73e935b1b4cc8c91e8fad04171f
Message ID: <307F601F.19A2@netscape.com>
Reply To: <Pine.SOL.3.91.951013122654.26464D-100000@chivalry>
UTC Datetime: 1995-10-14 07:04:37 UTC
Raw Date: Sat, 14 Oct 95 00:04:37 PDT
From: Jeff Weinstein <jsw@netscape.com>
Date: Sat, 14 Oct 95 00:04:37 PDT
To: cypherpunks@toad.com
Subject: Re: Same ol' massive MITM exposure in Netscape 2.01b
In-Reply-To: <Pine.SOL.3.91.951013122654.26464D-100000@chivalry>
Message-ID: <307F601F.19A2@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain
Simon Spero wrote:
> 1) The client does not do any verification that the certificate used for
> the transaction is one associated with the server, allowing MITM
> substitutions as long as the server has a properly signed certificate
>
> 2) The client does not issue warnings for redirections from one https
> page to another https page, even if the url to which it is redirected has
> a different hostname to the url originally dereferenced.
I'm working on these right now. A future beta will have fixes for
this.
> 3) In the case of redirection, the document info screen does not provide
> information about the originaly referenced page, just the final page.
> This allows the MITM to intercept the first request, steal the request
> data, then issue a redirect to hide the certificate used in the intercept.
If the previous two are fixed, it doesn't seem that this is really
important.
> 4) In the beta version, the document info page does not display the
> security info (I did check with MITM disabled).
Did you have the disk cache turned off?
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to October 1995
Return to “Simon Spero <ses@tipper.oit.unc.edu>”