https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

William Pitcock nenolod at systeminplace.net
Thu Jul 24 09:06:07 UTC 2008


On Thu, 2008-07-24 at 09:51 +0200, Robert Kisteleki wrote:
> Patrick W. Gilmore wrote:
> > Anyone have a foolproof way to get grandma to always put "https://" in 
> > front of "www"?
> 
> I understand this is a huge can of worms, but maybe it's time to change the 
> default behavior of browsers from http to https...?
> 
> I'm sure it's doable in FF with a simple plugin, one doesn't have to wait 
> for FF4. (That would work for bookmarks too.)
> 

I don't think anything involving HTTPS is necessairly an answer to this
problem. Specifically:

* not all sites do HTTPS
* many organizations use transparent proxies like Microsoft ICA
* certification authorities can in theory be bought off (or otherwise
manipulated) to issue bogus certs, making switching to HTTPS worthless

William






More information about the NANOG mailing list