Bob Relyea wrote:


> There is a growing myth that you can get most of the security you want by using unauthenticated encrypted pipes. This myth has been enhanced by such systems as SSH, PGP, and use of self-signed certs. These tools -- when used properly -- can be secure. It requires a diligent, knowledgeable operator, who painstakingly checks all fingerprints of all the keys he trusts in the system. These tools depend on an already

What about Mozilla products not warning users if someone is issued a certificate from another CA, or even the same CA, and not warning the user about potential man-in-the-middle attacks? Currently ISPs, or anyone in the path from your end users to you, could be severely compromising your security, and easily so, especially with some companies being CAs and offering snooping to the US govt; they could be redirecting your traffic to snoop on it, and the browser will NEVER warn you that it is occurring or that it did occur.


> existing *human* relationship between the people communicating. The problems come because the operator verification burden is too high. Most of us --- even those of us who know better --- simply rely on the fact that we trust our underlying intra- or inter-net infrastructure and click 'accept' when asked to do the check.

I keep telling people: trust PKI for credit card transactions, but I sure as hell wouldn't trust it for anything more. While SSH etc. may be OK for person-to-person and not scale up, Mozilla products don't scale down and don't warn you if something suddenly changes on a personal scale, which could put you at as much or more risk, because it's silently intercepting and decoding/re-encoding all of your information and keeping a copy, etc.


> Now add to that scores of intelligent programmers and admins, who understand enough to start these products, but aren't familiar with applied cryptography and its protocols. Suddenly everyone thinks "look, it's encrypted, so it's safe", without understanding the underlying attacks.... and they get away with it because, for the most part, our unencrypted connections are actually secure enough. They clamor for us to remove the warning dialogs and 'just let me get on with it...' because they've never been bitten before. We are already at risk and are only talking about the most intelligent 5-10% of the population.

That's Ian's point, and it's a side issue from the certificate thing.

> The issue is, for most of our operations, the risk isn't that we are going to lose our sensitive information to some internet snooper. SSH doesn't prevent any more practical attacks against my system than Telnet does (unless I only turn on client auth). There are very few scenarios where snooping is feasible but redirection of the packets isn't. If we aren't protecting against the redirect attack, we aren't supplying enough extra security to warrant telling the user he's 'secure'.

There's more than one kind of redirection attack...

> One more 'myth' that has been around for a long time is "little bits of security is better than no security". This is only true if you understand the magnitude of "the little bits". I've heard developers say obscuring the password is better than nothing at all, but that's like saying "putting a fake lock on a gate is better than just a latch" where the user isn't told the lock is fake. It's true the novice thief may pass up the gate because it is too much work to get through, but even a casual thief would recognize the lock as fake and break in. If the user had known the lock was fake, he may not have secured his valuables behind it.

Locks keep honest people honest. If someone is determined enough they won't attack the SSL protocol; they will attack the server, which these days is very much the weakest link, and rape it for all the credit cards possible. However, this just reinforces my point about the lack of fingerprint checking and warning of users by Mozilla products: another identical certificate (by included CAs) could easily be issued, the person just needs to set up an SSL proxy to intercept the traffic, and the end user would never know this occurred.


> In short, providing the connection without accepting it as secure is, IMHO, an excellent way to solve the problem and start breaking down the myth.

Again, the link isn't insecure, or no more so than the current PKI methods that are implemented... Just because you hit a signed cert, it doesn't mean the link is what you expected it to be; how many variations of domains do you think exist? How many ccTLDs exist, 240 odd? Are companies able or willing to buy certificates in all regions? What if two companies exist legally selling the same/similar products and one company is a fly-by-night job, but they both proved to a company they have a right to use the names by registering companies, etc.? Being able to prove to a CA you have a right to use a name doesn't imply intent; there are simply too many countries to know or have access to all the valid company names the world over.


--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
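Duane's complaint above, that a browser stays silent when a host suddenly presents a different certificate even though it chains to a trusted CA, has a straightforward defensive counterpart: remember the fingerprint of the certificate a host presented before and warn when it changes. The following Python script is an added example, not code from the thread or from any Mozilla product; the pin-store file name, the function names, and the stand-in DER byte strings in the offline self-test are all constructed for illustration.

```python
import hashlib
import json
import socket
import ssl
from pathlib import Path

# Pin store: {hostname: "AB:CD:..."}. The file name is a constructed default
# for this example, not a real product's storage location.
PIN_FILE = Path("cert_pins.json")


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, colon-separated like a browser's cert viewer."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_pin(host: str, der_cert: bytes, pins: dict) -> str:
    """Trust-on-first-use check against the pin store (mutated in place).

    Returns 'new' on first contact (fingerprint recorded), 'ok' when the
    certificate matches the stored one, and 'changed' when it does not.
    'changed' is exactly the case the thread says browsers stay silent about:
    a different certificate, possibly from another trusted CA, presented by a
    host we have seen before.
    """
    fp = fingerprint(der_cert)
    known = pins.get(host)
    if known is None:
        pins[host] = fp
        return "new"
    return "ok" if known == fp else "changed"


def load_pins(path: Path = PIN_FILE) -> dict:
    """Read the pin store, or start empty if it does not exist yet."""
    return json.loads(path.read_text()) if path.exists() else {}


def save_pins(pins: dict, path: Path = PIN_FILE) -> None:
    """Persist the pin store as sorted JSON so diffs are easy to review."""
    path.write_text(json.dumps(pins, indent=2, sort_keys=True))


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate a live server presents (network access required).

    Normal chain validation against the system CA store still happens here;
    the pin check is layered on top of it, not substituted for it.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def verify_host(host: str, port: int = 443, path: Path = PIN_FILE) -> str:
    """Live wrapper: fetch the certificate, compare, persist, return the verdict."""
    pins = load_pins(path)
    verdict = check_pin(host, fetch_peer_cert(host, port), pins)
    save_pins(pins, path)
    return verdict


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        result = verify_host(sys.argv[1])
        print(f"{sys.argv[1]}: {result}")
        if result == "changed":
            print("WARNING: certificate differs from the one recorded earlier; "
                  "investigate before sending anything sensitive.")
    else:
        # Offline self-test with constructed stand-in DER bytes (not real certificates).
        cert_a, cert_b = b"constructed-der-bytes-A", b"constructed-der-bytes-B"
        store = {}
        print(check_pin("example.invalid", cert_a, store))  # new
        print(check_pin("example.invalid", cert_a, store))  # ok
        print(check_pin("example.invalid", cert_b, store))  # changed
```

Run it with no arguments for the offline self-test, or with a hostname to pin a live server. The pin is over the whole leaf certificate, so a routine renewal will also report 'changed'; that is deliberate for a warning tool, since the operator, not the software, is the one who can tell a renewal from an interposed proxy, which is the human judgement the quoted text says these tools depend on.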
