Bug 1470863 Comment 5 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

* The HTTP version is necessary. If we remove HTTP, around 80-90% of the ISP configs will fail. (This is based on a real-world test.)
* DNS SRV (bug 342242) is a standard and is even less secure than HTTP. (UDP is easier to hijack than TCP.)
* The attacker would have to exactly time the attack for the moment when the user sets up the account.
* No successful real-world attack has ever been known.
* Autoconfig is extremely useful for end users, and has been dramatically successful. Killing its effectiveness is a disservice to users.
* The user has to explicitly approve the config we find. We show the domain clearly in bold. This is a deliberate measure as a last stop-gap for the theoretical case that there might be an attacker.
* The HTTP version is necessary. If we remove HTTP, around 80-90% of the ISP configs will fail. (This is based on a real-world test.)
* DNS SRV (bug 342242) is a standard and is even less secure than HTTP. (UDP is easier to hijack than TCP.)
* The attacker would have to exactly time the attack for the moment when the user sets up the account.
* No successful real-world attack has ever been known.
* Autoconfig is extremely useful for end users, and has been dramatically successful. Killing its effectiveness is a disservice to users.
* The user has to explicitly approve the config we find. We show the domain clearly in bold. This is a deliberate measure as a last stop-gap for the theoretical case that there might be an attacker.

WONTFIX. Not a good idea.
* The HTTP version is necessary. If we remove HTTP, around 80-90% of the ISP configs will fail. (This is based on a real-world test.)
* DNS SRV (bug 342242) is a standard and is even less secure than HTTP. (UDP is easier to hijack than TCP.)
* The attacker would have to exactly time the attack for the moment when the user sets up the account.
* No successful real-world attack has ever been known.
* Autoconfig is extremely useful for end users, and has been dramatically successful. Killing its effectiveness is a disservice to users.
* The user has to explicitly approve the config we find. We show the domain clearly in bold. This is a deliberate measure as a last stop-gap for the theoretical case that there might be an attacker.

WONTFIX. Not a good idea.

(Please first ask the IETF to deprecate the DNS SRV standard and let the IETF say that DNS SRV should not be used anymore without DNSSEC. Once you're successful with that and that has happened, we can reconsider this issue.)
