https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
William Pitcock
nenolod at systeminplace.net
Thu Jul 24 09:06:07 UTC 2008
On Thu, 2008-07-24 at 09:51 +0200, Robert Kisteleki wrote:
> Patrick W. Gilmore wrote:
> > Anyone have a foolproof way to get grandma to always put "https://" in
> > front of "www"?
>
> I understand this is a huge can of worms, but maybe it's time to change the
> default behavior of browsers from http to https...?
>
> I'm sure it's doable in FF with a simple plugin, one doesn't have to wait
> for FF4. (That would work for bookmarks too.)
>
I don't think anything involving HTTPS is necessairly an answer to this
problem. Specifically:
* not all sites do HTTPS
* many organizations use transparent proxies like Microsoft ICA
* certification authorities can in theory be bought off (or otherwise
manipulated) to issue bogus certs, making switching to HTTPS worthless
William
More information about the NANOG
mailing list