From owner-freebsd-current@FreeBSD.ORG  Wed Jun 21 07:31:27 2006
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
X-Original-To: freebsd-current@freebsd.org
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D0F3C16A481;
	Wed, 21 Jun 2006 07:31:27 +0000 (UTC)
	(envelope-from jb@what-creek.com)
Received: from what-creek.com (what-creek.com [66.111.37.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4AF5043D49;
	Wed, 21 Jun 2006 07:31:26 +0000 (GMT)
	(envelope-from jb@what-creek.com)
Received: by what-creek.com (Postfix, from userid 102)
	id 776FA78C1D; Wed, 21 Jun 2006 07:31:23 +0000 (GMT)
Date: Wed, 21 Jun 2006 07:31:23 +0000
From: John Birrell <jb@what-creek.com>
To: Luigi Rizzo <rizzo@icir.org>
Message-ID: <20060621073123.GA35319@what-creek.com>
References: <C41481BC-89F3-457E-9FD0-CB85CE7B93E7@eecs.cwru.edu>
	<4498D108.90907@rogers.com> <20060621053007.GA3320@odin.ac.hmc.edu>
	<4498DF20.8020803@rogers.com> <1150870137.78122.14.camel@spirit>
	<20060621082734.Q24109@beagle.kn.op.dlr.de>
	<20060621063816.GA32889@what-creek.com>
	<20060621000250.A6468@xorpc.icir.org>
	<20060621070739.GB35132@what-creek.com>
	<20060621002036.A6576@xorpc.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20060621002036.A6576@xorpc.icir.org>
User-Agent: Mutt/1.4.2.1i
Cc: freebsd-current@freebsd.org, Harti Brandt <harti@freebsd.org>
Subject: Re: ~/.hosts patch
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Jun 2006 07:31:27 -0000

On Wed, Jun 21, 2006 at 12:20:36AM -0700, Luigi Rizzo wrote:
> On Wed, Jun 21, 2006 at 07:07:39AM +0000, John Birrell wrote:
> > The fact that a lot of innocent (naive) people don't use https and certificates?!
> 
> and so they would happily click on
> 
> 	<a href="http://www.666.org/gimmeyourmoney">Secure Link to Your Bank</a>
> 
> so we are not opening much in terms of security holes...

You are making it worse because you open a new security hole:

<a href="https://www.paypal.com/">www.paypal.com</a>

does not take them to the _REAL_ www.paypal.com.

This is not an issue about phishing where:

<a href="http://some.dynamic.ip.addr/">www.paypal.com</a>

makes it look like the link takes them to PayPal when it really
doesn't.

Most banks still don't use certificates even though they use HTTP.

We need to retain the integrity of a DNS lookup. If there are any work
arounds required for poor DNS lookups, then let an administrator configure
them!

--
John Birrell