[cryptography] SSL is not "broken by design"

Nico Williams nico at cryptonector.com
Mon Sep 19 19:47:54 EDT 2011

On Mon, Sep 19, 2011 at 6:42 PM, James A. Donald <jamesd at echeque.com> wrote:
> The user expects a login screen.  Login screens are *not* traditionally full
> screen, even on cell phones.  Therefore, if we take login out of the web
> page, if the user ceases to expect or perceive login as happening out there
> on the web, but instead perceives it as happening locally, the user will not
> expect a full screen login page.
> That is how gamer apps usually do it.
> If the login page has a distinctive look, not easily faked (non-rectangular,
> overlapping the background, customized to user), it will be a trustworthy UI
> path.

This works for local apps, and it works for remote apps when the
attacker can't MITM.  The login screen (and possibly the transition to
it) should be defined by the user.

The user still needs to be able to tell whether some web page is
"trusted" or not (meaning the mutual authentication was done).  This
should be accessible via SAS at least.
