|
|
|
|
|
|
by pfg
3163 days ago
|
|
|
> If it's not a EV certificate, the browser user interface changes and a security-conscious user may notice. This is often used as an argument by EV advocates, but it doesn't hold up under scrutiny. An attacker with access to a non-EV certificate can selectively intercept only connections for subresources of the targeted site (i.e. JavaScript). The "main" connection would still use the EV certificate and thus show the browser indicator. This attack was first made public in 2008[1] and has been further refined in later work[2]. HPKP and the Expect-CT header provide some viable mitigations for this. That said, it seems unlikely to me that a nation-state adversary would choose to attack at the Web PKI level in this scenario. Compromising ProtonMail or the user's device would probably cheaper and less likely to be detected. [1]: http://w2spconf.com/2008/papers/s2p1.pdf [2]: https://www.blackhat.com/presentations/bh-usa-09/SOTIROV/BHU... |
|
|