Closed Bug 303952 Opened 15 years ago Closed 15 years ago

Security Error domain name mismatch is NOT an error if it's localhost. (SSH tunnel)

Categories

(Core Graveyard :: Security: UI, defect)

1.7 Branch
x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: rn214, Assigned: KaiE)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322

I just got this error message:

"Security error: Domain Name mismatch: You have attempted to establish a
connection with localhost. However the security certificate presented belongs to
"smtp.mymailserver.com". It is possible that someone may be trying to intercept
your communication with this website...."

Fair enough, except that this is only occurring because I am using SSH port
forwarding via an untrusted WIFI network - thus I have told mozilla to talk to
localhost, and my SSH tunnel is connecting to the mailserver. (And so Mozilla
sees localhost with my mailserver's certificate - and complains).

Unfortunately, there's no way to work around it, and I get this message every
time I send mail, or when Moz checks for mail. And if it happens in a background
window, Moz just freezes until I find and dismiss it.





Reproducible: Always

Steps to Reproduce:
Set Mozilla up to send mail to: localhost:8025

Then, set up an ssh tunnel:

ssh -L8025:smtp.mymailserver.com:25 me@mytrustedgateway.com

Can send mail, but Moz *always* complains.



Expected Results:  
I'd like an option to ignore security errors that result from localhost. Or
alternatively, a "don't ask me again" option for certain server/certificate
mis-matches.
An ignore function is wontfix according to bug 205677 but Mozilla should only 
complain once per session.
Do you get this every time or once per session ?
Assignee: dveditz → kaie.bugs
Component: Security → Security: UI
Product: Mozilla Application Suite → Core
QA Contact: seamonkey
Version: unspecified → 1.7 Branch
Unfortunately, I get this every time - every time I send messages, and worse,
every time (ever 5 mins) when moz checks for mail, which causes the web-browser
to inexplicably hang until I find - and dismiss - the warning in a different window.

I can see the point about wontfixing the ignore, but presumably localhost could
be an exception? There is no way that anyone could create a man-in-the-middle
attack via localhost unless the localhost machine itself is compromised (in
which case you have bigger problems). Furthermore, anyone who is checking mail
on localhost probably knows what they are doing...
If we gave a free pass to localhost then you'd be vulnerable to someone
redirecting smtp.mailserver.com traffic to fakemail.com.

A workaround on your end would be to put smtp.mailserver.com in your hosts file
as an alias for localhost and then leave your mail settings pointed at
smtp.mailserver.com.

If your mailserver already uses SSL (otherwise you wouldn't get the cert
mismatch warning) then why do you need to tunnel over ssh?
Thank you for your reply. (#3). Your workaround (editing /etc/hosts) is a good
suggestion. 

As for why I need to tunnel the connections:
a)Not all mailservers (I have several accounts) are using SSL
[b)From a privacy perspective, it's desirable not to leak any information,
including the address of the mailserver itself. This way, I only need to
identify a single machine.]

> If we gave a free pass to localhost then you'd be vulnerable to someone
> redirecting smtp.mailserver.com traffic to fakemail.com.

I'm not sure I understand this. Surely, in order to be vulnerable to this, I'd
already have to have a compromised localhost? And at that point, anything could
happen (eg keystroke logging, TCP/IP redirection,copying etc) 
IMHO we should not treat localhost different than other mismatches.

However, you might be interested in the discussion in bug 228684 which asks for a mechanism to permanently remember allowed mismatches.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.