[cryptography] SSL is not "broken by design"

Ben Laurie ben at links.org
Tue Sep 20 05:27:31 EDT 2011

On Tue, Sep 20, 2011 at 4:09 AM, James A. Donald <jamesd at echeque.com> wrote:

> On Tue, Sep 20, 2011 at 12:42 AM, James A. Donald<jamesd at echeque.com>**
> wrote:
>> The user expects a login screen.  Login screens are *not* traditionally
>>> full screen, even on cell phones.  Therefore, if we take login out of the
>>> web page, if the user ceases to expect or perceive login as happening out
>>> there on the web, but instead perceives it as happening locally, the user
>>> will not expect a full screen login page.
> On 2011-09-20 12:20 PM, Ben Laurie wrote:
>> That is not the issue. The issue is that if an app can be full screen it
>> can
>> fake whatever a login window looks like.
> Which is why I said that the logon screen should rearrange other windows on
> the desktop so as to always be overlapping.
> When you launch your true login app, nothing that an adversary might be
> able to control should be allowed to be full screen.  If your browser is up,
> showing a web page, it will be moved and resized so that the login screen
> partially overlaps it.
> That is why I earlier said:
>        It has a colorful and irregular non rectangular window that
>        differs from one user to the next, and it always positions
>        itself and other windows so that it overlaps both the web
>        page, and the desktop or whatever non web apps happen to
>        be there.
> Thus if the user sees the login page seemingly wholly on top of a web page,
> this will look funny.

So how do you stop the full screen app from simulating all this?

Note that relying on the user to notice the screen isn't "as expected" has
already been shown not to work, at least for many cases of "as expected".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110920/96180b0a/attachment.html>

More information about the cryptography mailing list