Heh. Don't exchange realm keys with EVIL.COM unless you trust them
to not do such things. :-)
Okay... and as long as we're assuming that Alice's browser is dumb
enough to not tell Alice who it's authenticating to, let's also not have
it tell Alice the URL (after all, URLs are nasty protocol things that
should be kept away from the user, right?).
Then Mallet intercepts the request, and sends to Alice:
So Alice's oh-so-helpful browser jumps over there, and Mallet sends back:
Authenticate: KerberosV4 "http.mallet.evil.com@EVIL.COM"
At which point, it doesn't matter whether or not you're doing URL
checking; you still lose.
Before sending a document that requires security to a server, the
client needs to tell the user what form of authentication it's using,
and whom it's authenticating itself to. If you really feel the need to
show the user the URL, and do URL checking, fine; I'd rather just give
the user the information directly, and allow the server to use any name
it wants for authentication.
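As an added illustration (not part of the original message), here is the kind of client-side check the last paragraph argues for: it parses the Authenticate header, tells the user the mechanism, service name and realm it is about to authenticate to, and refuses when the realm is not one the client trusts, so the redirect to mallet.evil.com is caught even though the URL and service name agree. The TRUSTED_REALMS set, the "http.<host>" service-naming convention and the sample URLs are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed header, modelled on the one Mallet sends in the post.
SAMPLE_HEADER = 'Authenticate: KerberosV4 "http.mallet.evil.com@EVIL.COM"'

# Assumed policy: the only realms this client's realm has exchanged keys with.
TRUSTED_REALMS = {"EXAMPLE.COM"}

# Header shape assumed: <mechanism> "<service-principal>@<REALM>"
_HEADER_RE = re.compile(r'^Authenticate:\s*(\S+)\s+"([^"@]+)@([^"]+)"\s*$')


def parse_authenticate(header):
    """Return (mechanism, service_principal, realm); raise on a malformed header."""
    m = _HEADER_RE.match(header)
    if not m:
        raise ValueError("unparseable Authenticate header")
    return m.group(1), m.group(2), m.group(3)


def check_authentication_target(request_url, header):
    """Decide whether to authenticate and what to show the user.

    Returns (allowed, notice). The notice names the mechanism, the service
    principal and the realm, which is the information the post wants shown
    to the user. Authentication is refused when the realm is untrusted or
    when the service name does not belong to the host that was requested.
    """
    mech, principal, realm = parse_authenticate(header)
    host = urlparse(request_url).hostname or ""
    expected_principal = "http." + host  # assumed naming convention
    notice = f"{mech} authentication to {principal} in realm {realm}"
    if realm.upper() not in TRUSTED_REALMS:
        return False, notice + " (realm not trusted; refusing)"
    if principal.lower() != expected_principal.lower():
        return False, notice + f" (service name does not match {host}; refusing)"
    return True, notice


if __name__ == "__main__":
    # The redirected case from the post: URL and service name agree, realm does not.
    print(check_authentication_target("http://mallet.evil.com/doc", SAMPLE_HEADER))
```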