Frank Hecker wrote:
> Ram A M wrote:
> > Can I correctly infer that you don't feel any safer submitting your
> > social security number to a site using a VeriSign Class 3 certificate
> > relative to a 'domain-control' only certificate?
>
> No, you can't necessarily infer that :-) Subjectively I personally would
> feel safer submitting sensitive information to a site using a "claimed
> identity" certificate than I would if the same site had only a "control
> of domain" certificate,

I would've been very surprised otherwise.



> assuming that the certs are from the same
> overall CA provider and that the UI made me aware of the difference.

The UI in most browsers doesn't do a good job of showing it. Since some
CAs only issue identity (legal-name) certificates the need for a more
robust UI is not as critical as seeing the overall brand.



> This is for two reasons:
>
> First, per the argument in my prior message, for a given CA the risk
> associated with the "claimed identity" certificate is certainly not
> greater than with the "control of domain" cert, and could possibly be less.
>
> Second, if the site were an e-commerce or financial services site or a
> site run by a substantial organization then I would expect them to spend
> the extra money to get the more expensive cert, given that the
> incremental cost is probably negligible in comparison to the financial
> resources available to them or potentially available to them, and I'd be
> suspicious if they tried to save money by getting a less expensive cert.

For this position to hold up I think it would also have to be the case
that a phisherman would not find value in buying the more expensive
certificate. If an extra US$500 gets a larger return, perhaps $50,000
instead of $10,000, I think they'll spend the 500. Do you agree? Do you
still feel safer with the identity certificate?



> In effect using the more expensive cert acts as a signalling mechanism:
> This organization is willing to spend money on their site, and hence is
> serious about doing business with me.

There's something to this, but remember that criminals work in
economic systems and will play the game just like anyone else; a larger
ROI for a different tack will make that different tack more appealing.



> It's not the only such signalling
> mechanism: Having a clean and professional site design, not having typos
> or confusing language on the site, having a "deep" site (in terms of
> lots of content about the organization's products and services, and how
> it does business), not having typos or ungrammatical sentences in the
> site content -- all of these signal to me and others that the
> organization has spent time and money on the site and hence is serious
> about providing a quality service.

Agree. Certainly I would discount trust for a site that was lousy with
mistakes or thin on content, however I would not trust a site just
because they used a spell checker and a link verifier - at least not
for activity with real risk.



> <digression>
> As a side note, IMO there's a fascinating analogy here to the
> hypothesized role of signalling mechanisms in the context of biological
> evolution. The basic idea is that when evaluating potential mates
> animals use physical attributes like physical size, the condition of
> feathers and fur, etc., as signals of general health, freedom from
> parasites, etc. -- all the things that might maximise reproductive
> success. The animals being thus evaluated are "motivated" to present
> false signals ("motivated" in the sense that genes improving an animal's
> ability to present false signals would be selected for), which in turn
> "motivates" (in the sense defined above) the animals doing the
> evaluation to get better at deciding exactly which signals to look for.
>
> The hypothesized conclusion from all of this is that the "best" signals
> (i.e., the ones that would be selected for in the course of interactions
> between many generations of evaluators and evaluatees) would be those
> that are most difficult to fake. This is one evolutionary explanation
> for why some animals have extreme physical attributes (large antlers,
> long and showy feathers, etc.) that would otherwise seem detrimental to
> them: it's exactly because such attributes require large amounts of
> energy and time to maintain that they are good signals -- an unhealthy
> animal would be unable to fake them.
>
> I will leave the application of this theory to produce newer and more
> effective anti-phishing strategies as an exercise for any interested
> readers :-)
> </digression>

I think this favors my position - the identity cert is presumably
harder to get and therefore it is harder to fake identity that way.
Given a CA determined to protect its reputation as a high quality
provider you will see good enrollment vetting and robust revocation
services.



> Back to my subjective feeling of increased safety due to use of identity
> certs: The problem is that subjectivity is not necessarily what people
> want in a policy. If everyone involved were happy with me (or someone
> else) saying "Yes, I subjectively feel that it's safe to include CA Foo
> in the CA cert list" or "No, I feel queasy about having CA Bar in the
> list, so I'll reject them", then we wouldn't need a policy at all.
>
> That's certainly a legitimate approach; it's the approach taken in many
> areas of Mozilla development, where module owners make subjective
> decisions every day ("accept patch A, reject patch B") in the absence of
> written policies. But when it comes to the question of which CAs are
> included in Firefox/Thunderbird/etc. and which are not, people don't
> seem to want to leave this to a subjective decision.

If I didn't work for a CA I would be very interested in a branded
release of FF where I did exactly that; given my job I feel I can't do
that in good faith. The best I can do is participate in the debate with
the goal of reaching consensus in the right direction. My intent is as
selfish as noble - I hate clicking on the padlocks every time I log in
to my broker, bank, medical service provider site. TrustBar is a great
tool for me and there is some value to most users but I think that
changes in the treatment of 'trust' in the software stack are much more
valuable to the typical user and that, IMO, should be the priority
[which is why I think the software engineer oriented address-bar is so
wrong].



> (Of course, that may just be because they don't trust me to make those
> decisions.

You're being silly here, I've been reading this list for a long time
and I see no reason to believe this. I do think it's better for many
reasons to have a well documented policy even if it does include
subjective components. Transparency is a critical element of trust.



> In that case anyone else is free to come forward and propose
> themselves to the MF as the owner of these decisions, and if that's
> acceptable to the MF I'll gladly stand aside -- it's not as if it's my
> life goal to be the CA gatekeeper for the Mozilla project.)

Somehow I don't expect to see many volunteers : )



> [re justifications for "low assurance" / "high assurance" distinctions]
> > I'd say that in the early days the US lawyers working in industry
> > (legal and CA believed that such a distinction was paramount for a
> > robust PKI.
>
> I acknowledge your point here; I know that people spent lots of time
> debating these issues. However I think the key word in your sentence is
> "lawyers"; I suspect (and to some extent recall) that a lot of the
> discussions and "research" work were around how PKI was going to
> function from a legal sense, and in particular how things like digital
> signatures were going to interact with existing laws and procedures
> governing contracts, etc. In this context distinctions like "low
> assurance" vs. "high assurance" make sense, in the same way that the
> legal distinctions between verbal contracts and written contracts make
> sense. However this legal analysis is not the same as a security
> analysis dealing with actual threats, risks, cost/benefit tradeoffs, and
> so on, and I'm not aware to what extent anyone did this sort of economic
> analysis in addition to the legal analyses.

A fair comment. I think that legal systems (the ones I like) are the way
they are because they are incrementally refined over time and as such
at any given time they describe some representation of current values
of the society with a heavy bias to practical concerns. [No, I do not
agree with much of the representation, but other parts of it protect my
ability to live in the society so a workable if not fair compromise is
struck.] If the PKI (or other technologies) are well aligned with the
legal constructs I'd say that's a solid foundation as it's the best
society has come up with. There is still crime in every country and the
legal system is not designed by security experts, yet the legal system
seems to work ok but not perfectly.



> > Do you really believe that it is as easy to get an 'identity
> > cert' as it is to get a 'domain control' cert?
>
> No, I don't. That's why I wrote "if it were trivially easy" and not "it
> is trivially easy".
>
> Please understand that I'm not trying to discount CAs and the amount of
> work they put into providing a quality service. My point was simply that
> just because a CA provides two (or more) different cert offerings
> doesn't mean that you can assume a priori (i.e., in the absence of other
> evidence) that there is any significant improvement in security (i.e.,
> significant reduction of risk) associated with the "higher assurance"
> service. This is something that has to be demonstrated, and doing so is
> not necessarily trivial.

My belief is that you are relatively undogmatic and interested in
practical progress. My point is that if an expert like you feels better
with identity certs on the other end of the wire relative to
domain-certs or no certs then that must mean something. I think your
opinions generally support my claim that identity-certs are better
protection than domain-certs, and that the more rigorous the
authentication practices around an identity-cert and the more stringent
the revocation practices and the better the support for revocation
technology the safer you are as well.

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
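The thread above turns on a distinction ("claimed identity" vs. "control of domain" certificates) that, as the reply notes, browser UI of the time mostly collapsed. The example below is added by the editor and is not code from either correspondent or from Mozilla or any CA; it shows the one thing software can actually observe about that distinction: whether the leaf certificate's Subject asserts an organisation and country, or only a host name. It builds two throwaway self-signed certificates in place of CA-issued ones (constructed samples, not real certificates), and the classification rule ("Organization plus Country present") is the editor's assumption about how a "claimed identity" cert is typically encoded, not a standard. Note the caveat Frank makes in the thread still applies: the presence of those fields tells you the CA wrote them, not how carefully it vetted them, so this check only tells the UI which question to ask of the CA's practices.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assurance is a coarse label derived only from what the Subject asserts.
type Assurance string

const (
	DomainControlOnly Assurance = "domain-control"
	ClaimedIdentity   Assurance = "claimed-identity"
)

// classify inspects the leaf certificate's Subject. A Subject naming an
// Organization and a Country is claiming a legal identity; one carrying
// only a CN (and SANs) asserts domain control and nothing more. This is
// the distinction a padlock-only UI hides. (Editor's assumed rule.)
func classify(cert *x509.Certificate) Assurance {
	if len(cert.Subject.Organization) > 0 && len(cert.Subject.Country) > 0 {
		return ClaimedIdentity
	}
	return DomainControlOnly
}

// selfSigned builds a throwaway self-signed leaf with the given Subject.
// It stands in for a CA-issued certificate purely so the example runs
// offline; a real check would take the leaf from a TLS handshake.
func selfSigned(subject pkix.Name, dns string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      subject,
		DNSNames:     []string{dns},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Constructed samples: a domain-control-style Subject and an
	// identity-style Subject for the same host name.
	dv, err := selfSigned(pkix.Name{CommonName: "www.example.com"}, "www.example.com")
	if err != nil {
		panic(err)
	}
	ov, err := selfSigned(pkix.Name{
		CommonName:   "www.example.com",
		Organization: []string{"Example Corp"},
		Locality:     []string{"Springfield"},
		Country:      []string{"US"},
	}, "www.example.com")
	if err != nil {
		panic(err)
	}
	for _, c := range []*x509.Certificate{dv, ov} {
		fmt.Printf("%-60s -> %s\n", c.Subject.String(), classify(c))
	}
}
```

Both certificates validate the same host name; only the Subject differs, which is exactly why a padlock that keys on hostname match alone cannot surface the difference the thread is arguing about.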
