Duane wrote on Tue, 30 Mar 04, 3:59 PM:
> Nelson Bolyard wrote:
>
> > Most of the info that travels the net needs no "protection". Its
> > value is SO LITTLE that no-one would spend a penny to collect it.
> > We shouldn't be concerned that that info is not encrypted.
>
> What about the info sent by "dissidents" in China and locked up because
> they said something against the China government, I doubt it's a factor
> they don't want security, but a cost factor that it isn't deemed needed
> till someone gets arrested :)

I'm glad you brought up "dissidents" in China. I'll use "China" as an example here,
though the situation could apply to any country which firewalls off its internet
connections through proxies (to control access to information within the country or
eavesdrop on communication outside). I will use "China" in quotes to represent these
countries as a whole. I do this because I have personal knowledge of people in one or
more of these kinds of countries whose lives would be at risk if their crypto systems
are compromised.

This is one scenario I'm very worried about. Right now, today, dissidents can create
websites that are SSL protected. These sites are secured from government prying, even
though "China" firewalls off its network from the world. "China" does allow tunneled
SSL connections (which it would need to to allow any sort of e-commerce to occur).
Because SSL has strong authentication, I know that the "Chinese" government cannot
tap the information.

Now introduce the situation proposed: either a "less secure" CA (one with a weaker, or
unknown vetting process) or even worse, self-signed certificates. Now the "Chinese"
government (in your example) simply has to get their own certs for each of those
websites (or create their own on the fly), and they can suddenly sit as
man-in-the-middle listening to everything said on your supposedly secure connection.
There is *NO WAY* to detect the substitution!

If Mozilla starts including these kinds of policies, I would have to recommend against
using Mozilla to these friends. It's not worth trusting their life that some unvetted
CA "got it right".

> I believe Indy Media groups round the world provides self signed certs
> at present for this very reason, to allow anonymous submissions that
> can't be intercepted when sending to their websites... I also believe
> it's not just China they have to worry about, apparently someone had
> their door kicked in by the FBI because they were listed in the DNS
> records...

Their communication is only secure between themselves --- only if they explicitly
trust their certificates. They can do that today. If, however, they trust *ANY*
self-signed certificate, they could have both China and the FBI kicking in their door.

bob
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
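
The difference the message draws between explicitly trusting one self-signed certificate and accepting any self-signed certificate, as an added example that is not part of the original message. The certificate bytes are constructed stand-ins, and the function names and PINS are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()

def accept_any_self_signed(der: bytes) -> bool:
    """The policy the message warns about: no issuer vetting, no pin."""
    return True  # every certificate passes, a substituted one included

def accept_pinned(der: bytes, pins: set[str]) -> bool:
    """Explicit trust: accept only a certificate whose fingerprint the user
    obtained out of band and stored beforehand."""
    presented = fingerprint(der)
    return any(hmac.compare_digest(presented, p) for p in pins)

def connect_pinned(host: str, port: int, pins: set[str]) -> ssl.SSLSocket:
    """Open a TLS connection to a self-signed site and keep it only if the
    presented certificate matches a stored pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # chain validation is replaced by the pin
    ctx.verify_mode = ssl.CERT_NONE
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10),
                           server_hostname=host)
    der = sock.getpeercert(binary_form=True)
    if der is None or not accept_pinned(der, pins):
        sock.close()
        raise ssl.SSLError("certificate does not match any stored pin")
    return sock

# Constructed stand-ins for DER bytes; real input comes from getpeercert().
SITE_CERT = b"constructed: the site's own self-signed certificate"
SUBSTITUTE_CERT = b"constructed: certificate generated on the fly by a proxy"
PINS = {fingerprint(SITE_CERT)}

def compare_policies() -> dict:
    """(real cert accepted, substituted cert accepted) under each policy."""
    return {
        "any_self_signed": (accept_any_self_signed(SITE_CERT),
                            accept_any_self_signed(SUBSTITUTE_CERT)),
        "pinned": (accept_pinned(SITE_CERT, PINS),
                   accept_pinned(SUBSTITUTE_CERT, PINS)),
    }
```

Only the pinned policy tells the two certificates apart, and it depends on the pin having reached the user over a channel the interceptor does not control.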