Tom Weinstein wrote:
The economic view might be a reasonable view for an end-user to take,
but it's not a good one for a protocol designer. The protocol designer
doesn't have an economic model for how end-users will end up using the
protocol, and it's dangerous to assume one. This is
Perry E. Metzger [EMAIL PROTECTED] writes:
TLS is just a pretty straightforward well analyzed protocol for protecting a
channel -- full stop. It can be used in a wide variety of ways, for a wide
variety of apps. It happens to allow you to use X.509 certs, but if you
really hate X.509, define an
- Original Message -
From: Tom Otvos [EMAIL PROTECTED]
As far as I can glean, the general consensus in WYTM is that MITM attacks
are very low (read:
inconsequential) probability.
I'm not certain this was the consensus.
We should look at the scenarios in which this is possible, and
Internet groups starts anit-hacker initiative
http://www.computerweekly.com/articles/article.asp?liArticleID=125823liArti
cleTypeID=1liCategoryID=2liChannelID=22liFlavourID=1sSearch=nPage=1
one of the threats discussed in the above is the domain name ip-address
take-over mentioned previously
At 07:11 PM 10/22/03 -0400, Perry E. Metzger wrote:
Indeed. Imagine if we waited until airplanes exploded regularly to
design them so they would not explode, or if we had designed our first
suspension bridges by putting up some randomly selected amount of
cabling and seeing if the bridge
I'm not sure how you come to that conclusion. Simply
use TLS with self-signed certs. Save the cost of the
cert, and save the cost of the re-evaluation.
If we could do that on a widespread basis, then it
would be worth going to the next step, which is caching
the self-signed certs, and
Thor Lancelot Simon wrote:
Can you please posit an *exact* situation in which a man-in-the-middle
could steal the client's credit card number even in the presence of a
valid server certificate?
Sure. If I can assume you're talking about SSL/https as it is
typically used in ecommerce today,
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM attacks are very
low (read:
inconsequential) probability. Is this *really* true?
The frequency of MITM attacks is very low, in the sense
that there are few or no reported occurrences. This
makes it a
So what purpose would client certificates address? Almost all of the use
of SSL domain name certs is to hide a credit card number when a consumer
is buying something. There is no requirement for the merchant to
identify and/or authenticate the client the payment infrastructure
On 10/22/2003 04:33 PM, Ian Grigg wrote:
The frequency of MITM attacks is very low, in the sense that there
are few or no reported occurrences.
We have a disagreement about the facts on this point.
See below for details.
This makes it a challenge to
respond to in any measured way.
We have a
At 05:08 PM 10/22/2003 -0400, Tom Otvos wrote:
The CC number is clearly not hidden if there is a MITM. I think the I
got my money so who cares
where it came from argument is not entirely a fair
representation. Someone ends up paying for
abuses, even if it is us in CC fees, otherwise why
Nobody doubts that it can occur, and that it *can*
occur in practice. It is whether it *does* occur
that is where the problem lies.
Or, whether it gets reported if it does occur.
The question is one of costs and benefits - how much
should we spend to defend against this attack? How
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM
attacks are very low (read:
inconsequential) probability. Is this *really* true?
I'm not aware of any such consensus.
I suspect you'd get plenty of debate on this point.
But in any case, widespread exploitation of
Ian Grigg [EMAIL PROTECTED] writes:
Nobody doubts that it can occur, and that it *can*
occur in practice. It is whether it *does* occur
that is where the problem lies.
The question is one of costs and benefits - how much
should we spend to defend against this attack? How
much do we save
On Wed, Oct 22, 2003 at 05:08:32PM -0400, Tom Otvos wrote:
So what purpose would client certificates address? Almost all of the use
of SSL domain name certs is to hide a credit card number when a consumer
is buying something. There is no requirement for the merchant to
identify and/or
[EMAIL PROTECTED] (David Wagner) writes:
Tom Otvos wrote:
As far as I can glean, the general consensus in WYTM is that MITM
attacks are very low (read:
inconsequential) probability. Is this *really* true?
I'm not aware of any such consensus.
I will state that MITM attacks are hardly a
Tom Weinstein wrote:
Ian Grigg wrote:
Nobody doubts that it can occur, and that it *can* occur in practice.
It is whether it *does* occur that is where the problem lies.
This sort of statement bothers me.
In threat analysis, you have to base your assessment on capabilities,
not
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the benefits.
The cost of MITM
At 05:42 PM 10/22/2003 -0400, Tom Otvos wrote:
Absolutely true. If the only effect of a MITM is loss of privacy, then
that is certainly a
lower-priority item to fix than some quick cash scheme. So the threat
model needs to clearly
define who the bad guys are, and what their motivations are.
Ian Grigg wrote:
Tom Weinstein wrote:
In threat analysis, you have to base your assessment on capabilities,
not intentions. If an attack is possible, then you must guard against
it. It doesn't matter if you think potential attackers don't intend to
attack you that way, because you really don't
Perry E. Metzger wrote:
Ian Grigg [EMAIL PROTECTED] writes:
In threat analysis, you base your assessment on
economics of what is reasonable to protect. It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the
Ian Grigg [EMAIL PROTECTED] writes:
Perry E. Metzger wrote:
The cost of MITM protection is, in practice, zero.
Not true! The cost is from 10 million dollars to
100 million dollars per annum. Those certs cost
money, Perry!
They cost nothing at all. I use certs every day that I've
22 matches
Mail list logo