A better way to pin DNS entries without suffering from cache poisoning.
A better way to pin DNS entries without suffering from cache poisoning.
If the pinned entry is unavailable and the user wants to contact the site, provide a dialog:
+------------------------------------------------------------+
| Host unavailable: 66.66.66.66 "foo.evil.com" |
+------------------------------------------------------------+
| -=/ =- The server you are trying to reach is unavailable. |
| |
| Host: foo.evil.com |
| IP: 66.66.66.66 Protocol: HTTP Port: 80 |
| |
| The following addresses are listed as alternatives. |
| If you trust the addresses, you may choose to tie |
| them to [66.66.66.66,foo.evil.com]. Otherwise you |
| may connect to them and prevent them from accessing |
| the old entries. |
| |
| [x] Do not tie the alternatives to 66.66.66.66 |
| Alternatives: |[ 10.0.0.1]|^| |
| |[ 192.168.0.1]| | |
| |[ 192.168.0.2]| | |
| |[ 127.0.0.1]|v| |
| [ Connect ] [ Replace ] [ Stop ] ([?]) |
+------------------------------------------------------------+
If the user chooses to tie the alternatives to 66.66.66.66/foo.evil.com then Mozilla will add the selected
entries to the DNS cache for foo.evil.com and allow foo.evil.com under any of those IP addresses to read
cache data from the others and connect to each-other at will.
If the user chooses to connect and not tie the alternatives to 66.66.66.66/foo.evil.com then all cache
entries for 66.66.66.66/foo.evil.com will be unavailable to the new foo.evil.com, and the DNS
cache for foo.evil.com will be changed from 66.66.66.66 to the newly selected entries.
Note: there once was a proposal for doing this tossed by me in an email,
I need to dig it up and transcribe any useful details into it.
Note: https shouldn't use pinning at all since the certificate should protect the cache.