On 21.10.2015 at 20:22, Hanno Böck wrote:
> Not sure if I'm getting anything wrong, but doesn't this open a huge
> security hole?

Yes, I think so. A MITM may redirect you.

> Scenario right now is that if I want to be secure on a webpage I type
> in its HTTPS URL (either directly or through a bookmark) and can be
> pretty much sure that as long as I don't click on external links that
> I'll stay on that webpage.

No, the server may redirect you and, even worse, the parts may be retrieved from dozens of places and you have no clue from where. Common practice is that your privacy is sold to third parties through ads, analytics, like or pin buttons. This is not what I would expect from a secure site.

> Basically this proposal would allow a man-in-the-middle to send
> me to another webpage each time I click on a (supposedly https
> protected) link. Given that there are many browsers these days
> (mobile) that hide the URL bar that's even more severe.
>
> This severely changes the security expectations one can have from a
> browser.

Regards,
Roland


_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
