person most directly responsible for
the browser SSL CA model as we know
it, and that guy told him, “Oh yeah, the
CA model… we just threw that in at the
end. We really had no idea.”
So why do the browser vendors hold
onto this obviously outmoded CA
model, while making it obvious they
don’t want to help out with Conver-
gence despite all the community sup-
port for that?
GN-N: It’s probably because moving
to Convergence would represent more
work on their part. That’s usually why
people resist doing something.
Anyway, are the implementers going to have to worry about it, or are they
just going to wait for the browser vendors to create it?
JG: As I understand the Convergence
spec, the 1. 8 million websites that currently have SSL enabled should not
have to do anything, since the idea is
for everything to work exactly as it currently does. Everything should happen
over on the browser and the notary
side. We should be able to carry forward the CA model through an interim
period, but we would also need to have
20 or 100 notaries set up at different
organizations, and the browsers would
need to support that.
GN-N: So far, we have talked about
protection. Let’s look now at what is
happening over on the attack side.
JG: I caused a bit of a furor at a conference a few years ago by talking about
intranet hacking. What I meant is that
you can go to a website and use it to
force your browser to make basically
any type of Web request of any location
you want. We generally refer to that
now as cross-site request forgery, but
until 2006, no one had really thought
about that. People knew, of course, that
you could force your browser to make
a request of any public website, but
then Robert Hampton and I made the
observation that you could force your
browser to make a request of an RFC-
1918 network, such as a 10.0.0.1, and
then just start hacking the intranet.
We showed how you could go to a
public website and force your browser
to hack into your own DSL router from
the inside and then move out to the
Web interface and change the settings.
Normally, devices on the intranet don’t
have very good Web security because of
the understanding that you can’t hack
them from the outside, which is true.
But at the same time, there is nothing
to prevent the browser itself from be-
ing used as an attack platform by bad
guys on the outside.