Hi Jeffrey,
On 29/04/2014 17:14 pm, Jeffrey Goldberg wrote: > On 2014-04-28, at 5:00 PM, James A. Donald <jam...@echeque.com> wrote: > >> Cannot outsource trust Ann usually knows more about Bob than a distant >> authority does. > > So should Ann verify the fingerprints of Amazon, and Paypal herself? How do > you see that working assuming that Ann is an “ordinary user”? First, do a proper security analysis; don't accept some marketing dross from the sellers of stuff. If you look at the history of web commerce, there is nothing there that supports the notion that the in-protocol MITM is a risk to be mitigated. Even if you look at close analogues, the support is not there. And, if you look at the rest of the equation -- humans, banks, stores, remember them? -- you find they don't care either. That's because they're all ready for chargebacks, and always have been so Alice has no problem, ever. She does not *ever* need to worry about fingerprints. Then, what are they worried about? Mass raids of databases, that's what. By far the #1. The next issue, way behind, is phishing, the "other MITM". (Which again they do little about.) It turns out -- and early simple analysis suggested -- that an in-protocol MITM is the worst possible attack, it's daft to an extraordinary level, and only security experts ever worry about it. Conclusion? Strawman. A real security analysis reveals all this. Question then, is where did the notion that you HAVE to defend yourself form the evil in-protocol MITM? Why are we all terrified? > This is exactly the kind of thing I was complaining about in my earlier > comment. There are burdens that we cannot push onto the user. > > People do trust their browsers and OSes to maintain a list of trustworthy CAs. No they don't. Again, you are taking the words from the sold-model. People don't have a clue what a trustworthy CA is, in general. That's because the same model hid it, and is still hiding it. Have a look at amazon today -- look Ma, no CA. In sight. The day the CA is in sight, the users might care. Until then they don't know so they cannot possibly trust. (c.f., the *real meaning of trust* being a human decision to take a risk on available information.) > Sure, we might have the occasional case where some people manually remove or > add a CA. But for the most part, we’ve outsourced trust to the browser > vendors, how have outsourced trust to various CAs, etc. We the users have done nothing of the kind. Browsers have done what they've done, and you could claim that the browsers trust the CAs. Maybe. More so these days coz they actually do something about it, in CABForum, less so before then, before Mozo policy. > I am not saying that the system isn’t fraught with series problems. I’m > saying that at least it tries > to work for ordinary users. Well. It tries to not interfere with ordinary users. In terms of working, one would need to establish the tangible benefit... >> A certificate authority does not certify that Bob is trustworthy, but that >> his name is Bob. > > Yes, of course. Back in the before time (1990s), I had feared that this was > going to be a big problem. That people would take the take “trust the > authenticity” of a message to be “trust the veracity” of the message. But as > it turns out, we haven’t seen a substantially higher proportion of fraud of > this nature than in meatspace. I think it is because reputations are now so > fragile. That last comment. Yes, either the system worked, or the system never worked, and wasn't needed. http://financialcryptography.com/mt/archives/001255.html Show which? The more things you do to it, and discover that nothing changes, is evidence to the latter. iang _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography