At 12/4/01 10:02 PM, Eric Smith wrote: >But my point is that this [encryption without authentication] gains >nothing.
Well, I guess we disagree, then. I think it gains something: it stops the guy in the next cubicle, or the guy in the colo facility, from stealing my credit card number or passwords by sniffing Ethernet packets, which I would guess is perhaps a more likely attack than someone setting up a man-in-the-middle site hijacking. >If I connect to foobar-random-losers.com that uses a self-signed >certificate, I have no expectation of any securit or privacy. I might >be connecting to people who have hijacked the domain. [stuff snipped] >On the internet, on the other hand, there are *trivial* attacks to >divert or eavesdrop on traffic that can be mounted from halfway >around the planet. Sending valuable data over a non-SSL link, or an >SSL link where the other party uses a self-signed certificate that >you can't verify, is just asking for trouble. Well, if we're assuming someone can intercept and alter packets, I gave an example in my previous message of a situation where someone could trivially hijack an "authenticated" domain, too. He simply obtains a certificate for a reasonable-looking URL, then uses a man-in-the-middle attack to change the non-secure version of a site so that compromised "secure" links appear. For example, he intercepts traffic for http://www.tigertech.com/ and replaces the https://www.tigertech.com/ secure ordering link with one pointing to (for example) https://software-payments.com/, which he owns and has obtained a certificate for. Unless the customer knows by some external means that the secure link shouldn't actually go to https://software-payments.com/, authentication does no good whatsoever. I often see secure ordering links that take you to a different "store" URL that seems completely unrelated (other than page design), and with which I'm unfamiliar; any of those could be hijackings, and I doubt many of us sophisticates think twice about it. Realistically, if you came across a link on my site that said you can order my software through https://software-payments.com/, and found a reasonable-looking secure page when you got there, I doubt you'd think twice -- you'd have no way of knowing my non-secure site links had been hijacked. As I said, I completely agree that authentication *is* useful in many cases, and does add a lot of security if you can externally verify that the information the CA attested to (company's physical address, for example) is correct. But for some other uses, people are going to accept the certificates blindly without verifying (or even being able to verify) that they're accurate. In these cases, why should I have to pay for (expensive) authentication just so I can use (free) encryption? Anyway, this is off topic and I'll shut up. I guess my on-topic comment is that like everyone else, I'm completely in favor of cheaper certificates that are authenticated only by the domain's admin contact, so it seems there's no disagreement between any of us as to the relevant issue :-) -- Robert L Mathews, Tiger Technologies
