On Thursday 19 May 2005 06:10, Nelson Bolyard wrote:
> Ian G wrote:
> > On Wednesday 18 May 2005 07:24, Nelson B wrote:
> >>Ian G wrote:
> >>>In practice, sites see HTTPS as a cost, and a barrier. It doesn't
> >>>provide any protection that they *need* although this might be
> >>>less true in the future and for big sites.
> >>
> >>So, you're saying they don't need encryption, they don't need
> >>authentication, they don't need validation, and (I gather)
> >
> > Actually, the sites need authentication and validation,
> > but of their users, and this is provided by passwords
> > and user names, primarily.
> >
> > [...] the passwords are protected from eavesdropping by SSL.
>
> So, you're saying they need password protection from eavesdropping,
> but not encryption, authentication or validation?

Yes, but be careful of that nutshell. That's close to what they
*need* but they could also desire other things. So that makes it
a requirement. Encryption is something that might or might not
meet that requirement.

They need password protection from eavesdropping, and this is
experience that seems to be concurred with by SSH and
bugzilla.mozilla.org for example. Although many sites do in fact
do financial transactions using passwords without password
protection, I think myself that's a risk they only take because
protection is so expensive.

(I am facing this case at the moment, and the expense of properly
protecting passwords within the web coding scenario I am dealing
with is just too high to be acceptable; I may end up having to
port my own crypto code into the PHP web server just to get it
done. Which is fun but hardly economically sensible.)

As a requirement, it does not strongly indicate encryption, as
simple protection schemes for mailing lists are in wide usage and
work quite well by simply mailing out the password or a check over
email. A higher degree of separation through alternate means is
now popular in online banking circles where SMS is used.

So one could probably suggest that encryption would be sufficient
to meet the requirement for protection, without authentication and
validation, for most web password purposes. Also, one could do it
with challenge-response schemes, SRP and the like. (I seem to
recall there are some schemes like this built in to HTTP but I'm
unaware of what they are.)

This is not to say that sites wouldn't use authentication and
validation as well as encryption if they were offered and were
cheap, but rather to challenge the hypothesis that encryption
without authentication and validation is "unworkable" or
"meaningless."

(I won't put this in concrete terms because it will likely be
misconstrued as a 'position'. This is a conceptual discussion as
to why sites do not use more HTTPS, so we need to get away from
the minutiae and concentrate on the requirements, and the costs
and benefits of various technologies that claim to meet those
requirements, in order to decide what is facing merchants and
other web sites.)

iang
-- 
Advances in Financial Cryptography:
https://www.financialcryptography.com/mt/archives/000458.html
