Eric Rescorla wrote:
Ian Grigg <[EMAIL PROTECTED]> writes:

Notwithstanding that, I would suggest that the money
already lost is in excess of the amount paid out to
Certificate Authorities for secure ecommerce certificates
(somewhere around $100 million I guess) to date.  As
predicted, the CA-signed certificate missed the mark,
secure browsing is not secure, and the continued
resistance against revision of the browser's useless
padlock display is the barrier to addressing phishing.

I don't accept this argument at all.

There are at least three potential kinds of attack here:

(1) Completely passive capture attacks.
(2) Semi-active attacks that don't involve screwing with
    the network infrastructure (standard phishing attacks)

By (2) I guess you mean a bypass MITM?

(3) Active attacks on the network infrastructure.

By (3) I guess you mean a protocol level MITM.

Then, there is:

(4) Active attacks against the client.  By this I mean
    hacking the client, installing a virus, malware,
    spyware or whathaveyou.  (This is now real, folks.)
(5) Active attacks against the server.  Basically,
    hacking the server and stealing all the good stuff.
    (This has always been real, ever since there have
    been servers.)
(6), (7) Insider attacks against client, server.
    Just read off the data and misuse it.  (This has
    been real since the dawn of time...)

Of course, SSL/SB doesn't protect against any of these,
and many people therefore assume the thinking stops
there.  Sadly, no.  Even though SSL doesn't protect
against these attacks, the frequency & cost of these
attacks directly impact on the design choices of
secure browsing.

SSL does a fine job of protecting against (1) and a fairly adequate
job of protecting against (3). Certainly you could do a better job
against (3) if either:

(a) You could directly connect to sites with SSL a la
(b) The identities were more user-friendly as we anticipated back in
the days of S-HTTP rather than being domain names, as required by

It does a lousy job of protecting against (3).

Sorry, I'm having trouble parsing "fairly adequate" versus "lousy job" for threat (3)... Both (a) and (b) seem to deserve some examples? I can connect directly to expedia, and is friendly enough?

(Hmmm... I tell a lie, there is no
as it redirects.)

Now, my threat model mostly includes (1), does not really include
(3), and I'm careful not to do things that leave me susceptible
to (2), so SSL does in fact protect against the attacks in my
threat model. I know a number of other people with similar threat
models. Accordingly, I think the claim that "secure browsing
is not secure" rather overstates the case.

(1) OK. Now, granted, SSL protects against (1), "fairly finely." It does so in all its guises, although the CA-signed variant in secure browsing does so at some additional unneeded expense, as it eliminates certain secure options, being SSCs and ADH. OTOH, this is a really rare attack - actual damage from sniffing HTTP traffic doesn't seem to be recorded anywhere as a real attack on people, so forgive me if I downgrade this one as "almost not a threat."

(2) Then we come to (2), what I'd call a bypass MITM.  Or
a phish or a spoof.  (I'm not sure what "semi active"
and "infrastructure" have to do with it.)  This one is
certainly a threat.

When the browser is presented with a URL which happens
to purport only to be some secure site, without really
being that site, this is a spoof.  Your defence is to
be careful against this attack.  So, your defence is
nothing to do with SSL or secure browsing or anything really,
literally, (2) is unprotected against by SSL and secure
browsing in all their guises.  You yourself provide the
protection, because SSL / secure browsing does not.  Of

That is my point - secure browsing does not protect
against any real & present threat.

(3) I don't understand at all.  But you suggest that
it's not your threat and it isn't protected well against.

In summary - we are left with one attack that is well
protected against, but isn't really seen that much,
and could be done with ADH.  Then, another attack that
you deal with yourself, so that's not really relevant
coz you're smart and experienced, and those using
browsers on the average are not, and they are hit by
the attack.  Then there is (3).

(And we haven't even begun on (4) thru (7).  What then,
is a threat model that only includes some threats?)

So in sum, I think my argument remains unchallenged:
secure browsing fails to secure.

