Hi Ian, I must confess I have not followed the "More Phishing scams, still no SSL being used..." thread too much as I'm less convinced that there is a _major_ Mozilla problem to fix. It is the ad-hoc trust model that is the problem. No amount of SW or smart crypto can change this IMHO.
In fact I believe the real problem is fairly distant from SSL, CAs and VeriSign. It is really the extremely stupidly so called "secure e-mail" scheme known as S/MIME which is the TRUE culprit. ===>It is also the root to Spam and e-mail-based viruses.<== How come? Well, S/MIME is based on a proven non-scalable trust model and due to that secure e-mail is not used. That is, anybody can with limited risk of getting caught spread various bad stuff including phishing. Who is responsible for this? It is really the US federal agencies, NIST and the IETF as they were the prime force behind S/MIME. How should a good system have been designed? The IETF should have recognized the obvious: e-mail is a TWO-DIMENSIONAL identity and thus trust structure. That is, domains (MTAs) should authenticate/encrypt to each other, preferably using the in fact not too useless SSL PKI. Then end-users should authenticate to the mail-servers. As they already do that for fetching mail it is odd that it is not required for sending mail. There is very little reason for end-to-end security in a corporate environment. In fact, archiving and automatic content control (including virus checks) mostly make encryption a bad choice in such environments. None of this would be "airtight" but airtight is also usually the same as impractical, expensive and only works in labs-scale by educated people. Although anybody can for a limited sum get a VeriSign e-mail cert, this model is 100% in conflict with organizations' whishes to issue their own certs. Using the end-to-end S/MIME model users will have to be "trust administrators" for each and every e-mail. Anders ----- Original Message ----- From: "Ian G" <[EMAIL PROTECTED]> To: <[email protected]> Cc: "Anders Rundgren" <[EMAIL PROTECTED]> Sent: Sunday, May 22, 2005 15:06 Subject: Re: The Worth of Verisign's Brand Hi Anders! On Sunday 22 May 2005 08:47, Anders Rundgren wrote: > I think this discussion is slightly over the heads of the crowd that > we could call "users". Yes, sure, but most things are over the heads of users, including cryptography, sliding window protocols, contracts, audits, ... all of which play their part in SSL & PKI. Adding brand is simply one more aspect to a bucketfull of aspects. SSL the protocol is relatively small in its disciplines - it uses crypto and software engineering. Once you add PKI, you pull in all sorts of other disciplines, and this is what makes it so difficult to understand. SSL + PKI is a very broad multi- disciplinary field that defies understanding in any holistic sense, simply because there are very few accountants who can debug a software protocol (and v.v.). > For that lot, using the SSL model we can only > hope that the CAs represensented in browser truststores do > their job. BTW, VeriSign is a name brand for the _buyers_ of SSL > certificates but (in the browser environment) not for relying > parties of the consumer kind. Which brings us to your comment that we can only hope that CAs do their job. This is exactly where we get into trouble because if you go over to the world of CAs, and you look at it in their terms - governance and accounting and agency theory, you will find that their statement is that they assume the crypto / software side had better do its job! Each depends on the other. But when you examine the assumptions, they clash. One big example is that of "all CAs being equal." No accountant or governance expert would subscribe to that. They would simply say, no, that doesn't work, that never works. Yet, because this assumption has been made by the technical side of the equation, most governance people don't actually realise that the assumption has been made. > I know that this is the opposite on how PKI trust was intended to > work but that is the reality. > > It might be of interest to note that Microsoft in their latest effort > to rule the world using "InfoCards" deprecates the idea of using > SSL certificates and instead tout organization-certificates as it is > really not the CA you are after, but knowing that you are talking > to the right partner. Exactly. The choice is very stark. Either the people who work with SSL and PKI move to change and evolve their models to cope with the new threats, or in time, it will be replaced. Microsoft could replace it. The problem with Microsoft is that they haven't got an ability to field a proper security model *without* having their insular agenda poison it from the start. If they could reel in the marketing side of the biz for 2 years then they could replace the whole lot with something more secure. And then clean up mammothly, but the notion that a Microsoft product doesn't go for the short term benefit like a child going for cookies is beyond them. IMHO. The comment also applies equally negatively to most other companies, even notably privacy advocates like PGP Inc have their cookie theft stories (Cite: ADK). > If this list believe that users should do conscious decisions on what > CAs to trust you are on the wrong track as this is impossible > to do for mere mortals. A possible solution would be that you for > a fee "outsourced" CA trust decisions to a party that have this as > their prime business. Such a model would in fact add considerably > more interesting stuff to the plot than just CA validity. It could > actually claim that a reputation of an organization your are about > to contact is not the best. Impossible is a tough word, and if we accepted it we could get rid of the little padlock as that would mean that users could not check that. (They don't .. but that's not to mean they can't.) Also, you are assuming that the contrary is that a CA will always get it right. We've already shown this is a null case, as phishing bypasses the CA completely. And succeeds. (It seems that the popular figure is $1.2 per annum.) So it is a browser issue. I think - speculating here - that the solutions we settle on will be a spectrum of available info that is slowly refined and slowly learnt by consumers. Each consumer will be phished once on average and then will learn how to read the info. As each phishing cost on average is like $5000, I don't think it is too hard for users to spend a little time learning a useful security model to avoid the next $5000. But they may need that first $5000 to understand that themselves. (First million americans have already been phished, according to some numbers.) iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
