[cabfpub] Draft Zurich F2F Meeting agenda
Geoff Keating
geoffk at apple.com
Wed Apr 8 01:33:52 UTC 2015
> On 7 Apr 2015, at 5:51 pm, Richard Wang <richard at wosign.com> wrote:
>
> WoSign just finished a test for all browsers' warnings in SSL problems, especially for China brand browsers.
>
> We found a maybe-problem for browsers (IE/Chrome/Safari/Opera) that:
>
> (1) Test scenarios: install an untrusted root to Windows Trusted root, and the untrusted root issued SSL for a bank site, and set the local host to this site fraud IP;
>
> (2) Result: when we use IE/Chrome/Safari/Opera to visit this fraud site with the fraud SSL certificate, the browsers give no warning; only Firefox, 360 Browser, UC Browser have the redirect security warning.
>
> (3) Suggestion: I think all browsers should NOT trust all manually installed roots and should detect the local host file modification, and give a warning.
>
> Does anyone think this problem needs to be discussed in the next F2F meeting?
>
This is a normal scenario if the user is intentionally using an SSL intercepting firewall. I am not super comfortable with the existence of SSL intercepting firewalls, but if they must exist this is how you use them.
However, at least Safari should never show a green EV indicator in this situation, and I think this is the same for all browsers.