KIO design problem
George Staikos
staikos at kde.org
Sun Dec 1 22:04:49 GMT 2002
On Sunday 01 December 2002 16:16, Waldo Bastian wrote:
> > Mozilla immediately changes the URL to http://sourceforge.net. However,
> > we verify SSL before it gets to the slave, so no protocol information is
> > known. What do we do here? I don't like the idea of trusting a remote
> > site in SSL mode before we even verify its credentials, but it seems that
> > other browsers actually do so (!!). Do we have to have a call-back here
> > so that the slave can decide to postpone or cancel certificate
> > verification? Any other suggestions?
>
> If you want to handle this like mozilla then ssl should indeed delay its
> certificate verification till it has parsed the header. From a security
> point of view I find that doubtfull behaviour. An attacker could redirect a
> user to https://scurceforge.net/index.html or a (hijacked)
> http://sourceforge.net this way without the user getting any alert.
We can split this in two, but it's messy. Basically we can check to make
sure that the certificate is trusted, but not check the CN until later. I
still don't like it. Or we can just declare their setup to be broken?
Technically it is I think, since we are interpreting data from the server
before verifying the cert.
--
George Staikos
More information about the kfm-devel
mailing list