"Steven M. Bellovin" <[EMAIL PROTECTED]> writes:

>There's another issue: initial account setup.  People will still need to rely
>on certificate-checking for that.  It's a real problem at some hotspots,
>where Evil Twin attacks are easy and lots of casual users are signing up for
>the first time.

It really depends on the value of the account, for high-value ones I would
hope it's done out-of-band (so you can't just sign up for online banking by
going to a bank's purported web page and saying "Hi, I'm Bob, give me access
to my account"), and for low-value stuff like Facebook I'm not sure how much
effort your password is worth to an attacker when they can get a million
others from the same site.  I agree that it's still a problem, but switching
to failsafe auth is a major attack surface reduction since now an attacker has
to be there at the initial signup rather than at any arbitrary time of their
choosing.  It's turning an open channel into a time- and location-limited


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to