(Dan, in answer to your question on certs, below.)
On Thursday 14 July 2005 14:19, Perry E. Metzger wrote: > > Ian Grigg <[EMAIL PROTECTED]> writes: > >> It's 2005, PKI doesn't work, the horse is dead. > > > > He's not proposing PKI, but nymous accounts. The > > account is the asset, the key is the owner; > > Actually, I wasn't proposing that. I was just proposing that a private > key be the authenticator for payment card transactions, instead of the > [name, card number, expiration date, CVV2] tuple -- hardly a > revolutionary idea. You are right, though, that I do not propose that > any PK_I_ be involved here -- no need for certs at all for this > application. > > I don't claim this is a remotely original idea, by the way. I'm just > flogging it again. Well, that's helpful. Having built one or two of these things (and I know of 3 others on the list that have done the same thing) it helps to know we aren't starting from scratch. > > But, thank the heavens that we now have reached > > the point where people can honestly say that PKI > > is the root cause of the problem. > > "Root Cause of the Problem" isn't correct either. It is better to say > that PKI doesn't solve many of the hard problems we have, or, in some > cases, any problems -- it doesn't per se cause any problems, or at > least not many. > > This is not a "new realization" -- this goes back a long way. OK, so maybe this part is the new realisation: The browser security model includes PKI for two purposes - MITM protection and spoofing protection. Ignoring MITM (today), the spoofing protection is supposed to alert the user that the cert and the site don't match. Phishing is a spoof - the wrong site is used. So SSL+PKI should pick that up. It isn't. Why? Simply put because the browser too easily lets SSL's anti-spoofing protection not be seen. It's not being done properly. Why is that? Because the browser people are under severe constraints - your words - and nobody is correcting their missunderstandings. No security folk, no security companies, no CAs, just a few researchers (some lurking here...). Too many words? OK, here's the short version of why phising occurs: "Browsers implement SSL+PKI and SSL+PKI is secure so we don't need to worry about it." PKI+SSL *is* the root cause of the problem. It's just not the certificate level but the business and architecture level. The *people* equation. > People were saying PKI was a bad idea a decade ago or more. A number > of the people here, including me, gave talks on that subject years > ago. I spoke against PKI during the debate I was invited to at the > Usenix Electronic Commerce Workshop in 1998 or so, and at many > opportunities before and since. Dan Geer has a pretty famous screed on > the subject. Peter Gutmann talks about the follies of X.509 so often > it is hard to keep up. I don't mean to single us out as visionaries -- > we were just saying things lots of other people were also saying. > > Honestly, where have you been? I've been over at Mozilla trying to tell them the PKI isn't doing it's job. Peter Gutmann and Amir Herzberg have been there supporting this push. They're not visionaries either but at least they put their money where their mouths are - trying to get Mozo people to touch up the PKI + SSL code to deal with spoofing. (Demos and code available on request !!!!) We recently set up a new group for all anti-phishing researchers so they could congregate and cross-fertilise ideas in a scientific fashion. I'm proud to say that in less than one month our understanding of phishing and the browser security model has significantly advanced. We've talked to dozens of programmers over on the Mozilla camp, sadly without success and I think that's because the crypto community has been relatively silent on this issue. Most over in the browser community remain simply unaware and uneducated on the reasoning behind the security model, and how out of date it is. So, where have you been, Perry? If you wish to patronize me (on a public list, with no right of reply!) do so from a position of strength. > > Can you now tell the browser people? > > I can smell the rest of this discussion right now, Ian. You'll > misunderstand the constraints the browser people are under, and start > claiming SSL is bad (or unnecessary) about 20 seconds after that. I'm > not playing the game. Perry, for the last few months or so the game you have been playing is "disagree with Ian, rag him in public, drop his posts." I don't mind .. but as I showed above, you are 100% diametrically wrong about what it is I am saying or likely to say. Just so you're aware that you're inventing the rest of the discussion and disagreeing with your own invention... iang -- Advances in Financial Cryptography, Issue 2: https://www.financialcryptography.com/mt/archives/000498.html Mark Stiegler, An Introduction to Petname Systems Nick Szabo, Scarce Objects Ian Grigg, Triple Entry Accounting --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
