On Fri, Jun 07, 2013 at 10:02:51AM +0300, ianG wrote: > The big example here is of SSL. In v1 it was vulnerable to MITM, > which was theoretically claimed to make it 'insecure'. In practice > there was no evidence of a threat, and still little real evidence of > that precise threat. Fixing the MITM in SSL v2 caused the utility > to fall and costs to skyrocket, which meant that it failed in its > overall mission and maintained its "credit card" mission only by > much handwaving and ignoring of other issues.
When it comes to browsers, the way SSL/HTTPS has been presented to users is maddening. Every time a user sees the scary "unsigned SSL certificate" warning we're basically telling the user that their security is worse with SSL than without. I've seen multiple comments on sites like slashdot by sysadmins and programmers who don't understand crypto discouraging the use of HTTPS unless you have a CA-signed certificate because it makes you vulnerable to a MITM attack... when HTTP is vulnerable as well. Somehow people actually have this misunderstanding. What browser vendors should be doing is to display http and https URLs identically in the URL field and focus on the "Green URL" side of things to make it clear when the connection is actually authenticated. It's probably not a bad idea for a *manually entered* https URL to result in a warning if the certificate is unsigned, but the general case should simply have identical behavior given the identical worst-case security. The PGP world is the same. We would be far better off if we focused on making PGP simple and easy enough that people actually use it; focusing on the web-of-trust does more harm than good. Again protection from passive evesdroppers is a huge improvement on the status quo even without any protection from active evesdroppers. For one thing active evesdroppers leave evidence of their actions. -- 'peter'[:-1]@petertodd.org 000000000000002ef32132cbc3d519800a1f348a51b3ee59f9686e52d92d8734
signature.asc
Description: Digital signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
