padlock icon relies on address bar being visible
Michael Roitzsch
mroi at users.sourceforge.net
Wed Apr 20 20:04:21 BST 2005
Hi Konqueror team,
I just want to pass an idea of mine around amongst browser vendors:
I have lately written an article about a security flaw common to a lot of
browsers: The closed padlock icon is completely worthless when the user does
not verify the domain by looking at the address bar, yet there is no
indication in the user interface telling the user to do that. Even worse,
some browsers allow UI configurations where the padlock icon is visible, but
the address bar is not. While this is a good idea (URIs are an internal
detail, the user should not have to worry about it), the padlock icon needs
enhancement to ensure secure operation.
You can find my small article about the subject here:
http://www.amalthea.de/publications/browser-padlock-flaw.pdf
A generic solution to homograph attacks I presented can be easily included
into the above idea, since the verification of the domain name is susceptible
to homograph attacks:
http://www.amalthea.de/publications/homograph.pdf
To summarize: I propose a whitelist of trusted domains. Everytime the user
enters a new SSL site, a dialog asks, if the domain is trusted. The closed
padlock is only shown for trusted SSL sites.
Michael Roitzsch
--
A train station is a station where trains stop -
but what the hell is a workstation ?
More information about the kfm-devel
mailing list