[cabfpub] Draft Zurich F2F Meeting agenda

Ryan Sleevi sleevi at google.com
Wed Apr 8 01:23:52 UTC 2015


On Tue, Apr 7, 2015 at 5:51 PM, Richard Wang <richard at wosign.com> wrote:
>
> Does anyone think this problem needs to be discussed at the next F2F meeting?
>

There are two parts to this proposal:
1) Browsers should not trust manually installed roots
2) Browsers should detect local resolver modifications

To both problems, I'd point you to this FAQ about Chrom[e/ium]'s security
model -
http://www.chromium.org/Home/chromium-security/security-faq#TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-

That is, if you can manually install a root in Windows, it generally
requires administrative access. To install a root in Firefox, you just need
user-level access (since the root store is just a file next to Firefox). No
browser can reasonably defend against a model in which any mitigations can
easily be patched away.

Similarly, to modify the resolver, you require administrative privilege. If
you have that privilege, you can already modify whatever mitigations the
browser may have.

Microsoft's Security team put together a helpful discussion about computer
security principles, which they aptly named the "Ten Immutable Laws of
Security". You can find them here -
https://technet.microsoft.com/en-us/library/hh278941.aspx

For this problem, Immutable Laws 1, 2, and 6 all apply.

Hopefully this provides a further understanding about the reasoning when I
say that there is no interest from us on this topic. Respecting a device's
configuration, even when that configuration might be done by a "hostile
administrator", is, to us, working as intended - in that it is the
administrator's device to configure as they wish.