[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Adam Back adam at cypherspace.org
Tue Jan 8 07:16:56 EST 2013

IMO it is very bad practice that a number of banks use a domain that does
not match the main domain and brand for the login.  I have seen multiple
examples of what James mentioned.  For example www.natwest.com does not
redirect to HTTPS; further, when you click on login, it goes to
https://www.nwolb.com, and further Chrome's green certificate info field
shown to the left of the URL says "The Royal Bank of Scotland Group Plc

That's like a triple fail: 1) login link from non-SSL site; 2) different and
apparently unrelated domain for HTTPS login; 3) the text field in the
browser doesn't even match the bank's name.  (I presume Royal Bank of Scotland
Group bought NatWest, but the consumer does not know that; NatWest as a
legal entity exists, so why would some idiot put the parent company in the
cert?  Banks get sold/transferred/merged all the time.)  NatWest is huge and
recognizable in the UK, 2nd largest in the UK, 5th largest in the world; if they can't
get it right... doesn't bode well!  If you go look at free domains there are
dozens of more plausible and unregistered domains relating to these banks'
names.  A little DNS poisoning is all it would take to attack their accounts
even from technical users.  And because of their bad practice users are
trained to accept such things, so even the banks that do it right aren't

For some users NatWest has those rotating access code keyfob things, so maybe
they think they're done and it doesn't matter; user should've opted for the

Otherwise you'd wonder why the scammers aren't emptying accounts by the
millions with these levels of incompetence via DNS poison, phish etc.

Maybe we need a security warning when leaving an SSL site for a different
domain (otherwise you may not notice an edited CGI action URL, a
non-matching SSL login URL, or maybe even a technical, watchful and
suspicious user can't tell with various web UI tricks).


On Tue, Jan 08, 2013 at 09:42:24PM +1000, James A. Donald wrote:
>On 2013-01-08 7:26 PM, Ben Laurie wrote:
>>Modulo CAs not working correctly, this is what SSL does. So long as
>>you define "the right server" as being "the one with the domain name
>>you navigated to".
>Domain names are lengthy and not all that human memorable.  I log on
>to citicard; the correct domain name is accountsonline.com.  Am I
>likely to notice if the domain name is accountsonlin.jim.com?
>Indeed, in that the correct domain name is not citicard, am I likely
>to notice if the domain name Istealyourmoney.ru
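The triple fail described in the post (login link on a non-SSL page, login on an unrelated domain, certificate organisation that does not name the brand) and the "warn when leaving an SSL site for another domain" idea, turned into a small offline audit. This is an added example, not code from the thread or from any bank or browser; the registrable-domain guess and the constructed clean case are assumptions for the demo.

```javascript
// Added example (not from the thread): audit a login hand-off against the
// three failures in the post. Runs offline; URLs, brand and certificate
// organisation are passed in as strings rather than fetched.

// Naive registrable-domain guess (last two labels). Assumption for the demo;
// a real check would consult the Public Suffix List.
function registrableDomain(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Returns human-readable findings; an empty list means the hand-off is
// consistent (same site, HTTPS at both ends, certificate names the brand).
function auditLoginHandoff({ pageUrl, loginUrl, brand, certOrg }) {
  const page = new URL(pageUrl);
  const login = new URL(loginUrl);
  const findings = [];

  // 1) login link offered from a non-SSL page: the link can be edited in transit
  if (page.protocol !== 'https:') {
    findings.push(`login link served from non-HTTPS page ${page.origin}`);
  }
  // 2) login leaves the site for an unrelated domain: users learn to accept it
  if (registrableDomain(page.hostname) !== registrableDomain(login.hostname)) {
    findings.push(`login leaves ${page.hostname} for ${login.hostname}`);
  }
  if (login.protocol !== 'https:') {
    findings.push(`login destination ${login.origin} is not HTTPS`);
  }
  // 3) certificate organisation does not mention the brand the user knows
  if (certOrg !== undefined && !certOrg.toLowerCase().includes(brand.toLowerCase())) {
    findings.push(`certificate organisation "${certOrg}" does not name "${brand}"`);
  }
  return findings;
}

// The case from the post (values as quoted there): expect three findings
const natwestCase = auditLoginHandoff({
  pageUrl: 'http://www.natwest.com/',
  loginUrl: 'https://www.nwolb.com/',
  brand: 'NatWest',
  certOrg: 'The Royal Bank of Scotland Group Plc',
});

// Constructed clean counterpart (hypothetical names): expect no findings
const cleanCase = auditLoginHandoff({
  pageUrl: 'https://www.example-bank.test/',
  loginUrl: 'https://secure.example-bank.test/login',
  brand: 'Example Bank',
  certOrg: 'Example Bank Plc',
});
```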
