[cryptography] SSL is not "broken by design"

Nico Williams nico at cryptonector.com
Mon Sep 19 18:46:45 EDT 2011


On Mon, Sep 19, 2011 at 3:48 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2011-09-20 5:16 AM, Nico Williams wrote:
>> [...]
>
> Suppose that zero knowledge logon is widely implemented:
>
> [points out that UI issues remain]

Of course.  We need trusted UI paths.  That's a hard problem.  We know
users dislike SAS (secure attention sequences).  We know people want
full-screen apps.  These constraints make it almost impossible, if not
impossible to get any sort of trusted UI path, and without that we
might as well go home.  A perfect PKI wouldn't help us either without
a trusted UI path.  And we know that the lock icon in browser status
bars hasn't worked very well either.

The UI issue is critical.

Is it fundamentally impossible to construct a workable, trusted UI
path?  I am not ready to conclude so.

For a desktop I'd say: reserve some screen real estate for a trusted
UI where all password-like prompts from the system and "trusted" apps
are to appear.  Use a color scheme (or pattern, for the color blind)
to label windows, etc.., disallow nesting of windows with different
labels, train users never to enter sensitive info in windows dressed
in some color (say, red).  And so on.  These are not new ideas: they
come from the "trusted desktop" world.

For smartphones and tablets I'd say: reserve one or more buttons
(touch is OK) for the system, such as the home key in Android, and use
that as an SAS to get at labeling information, and preferably, also,
reserve an LED or a couple of lines of screen real estate for labeling
as well.

Are there potential pitfalls in these approaches?  Yes.  For example:
a home key SAS for touch screen systems had better have predictable,
real-time response rates, or else it will be spoofable.

The question is: is any of the above fundamentally flawed?  Are there
any other alternative UI designs that are not fundamentally flawed?

Nico
--



More information about the cryptography mailing list