Re: phishing web sites using self-signed certs

2005-11-03 Thread Julien Pierre

Ka-Ping Yee wrote:

> On Thu, 3 Nov 2005, Julien Pierre wrote:
> 
>> Ka-Ping Yee wrote:
>> 
>>> On Wed, 2 Nov 2005, Julien Pierre wrote:
>>> 
>>> The account (or other relationship) you previously established at the
>>> website you wanted -- the one truly intended as you put it.  The
>>> phisher wants to fool you into believing you are participating in that
>>> relationship when in reality you are dealing with an impostor.  By
>>> keeping note of the certificate information, your browser can tell you
>>> reliably whether you are dealing with the same site and not an impostor.
>> 
>> No. A party is allowed to use more than one certificate, for reasons
>> such as renewal, or many others. There is nothing in X.509 or SSL that
>> says one party only has one cert, quite the contrary.  The fact that
>> the certificate has changed since your last communication does not
>> tell you that you aren't still dealing with the same site.
> 
> But that is not under control of the phisher.  Only the legitimate
> party can produce the correct certificate, and that is what matters.
> When you are phished, someone is trying to make you believe that you
> are at the SAME site when in reality you are at a DIFFERENT site.
> The situation you're describing is not phishing; it's backwards (you
> think you are at a different site when you are at the same site),
> and it can only occur with the consent of the legitimate site.


The point I was trying to make is that there is not one unique correct 
certificate. The fact that the certificate changed or didn't change 
tells you nothing about its validity.

In fact the certificate could be the same both times, but it could have 
been revoked by the CA between the two communications, e.g. for reason of 
key compromise, and you could in fact be dealing with a phisher the 
second time.

The fact is that the information about which certificate was used in a 
previous communication is not relevant to the problem of authenticating 
the site the 2nd time around. To provide security, the certificate needs 
to be fully verified and validated again.

___
mozilla-crypto mailing list
mozilla-crypto@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-crypto


Re: phishing web sites using self-signed certs

2005-11-02 Thread Hendrik Weimer
Ka-Ping Yee [EMAIL PROTECTED] writes:

> Refusing to accept self-signed certificates is *not* the right thing
> to do.  That would only further the notion that buying a certificate
> from one of dozens of approved CAs is what makes a website legitimate,
> which is false.

Not necessarily. It will shift the focus from certificate warnings to
the installation of additional root CAs. The problems will remain the
same; however, the users will suffer as some websites won't be
accessible for them.

Hendrik


Re: phishing web sites using self-signed certs

2005-11-02 Thread Ka-Ping Yee
On Tue, 1 Nov 2005, Julien Pierre wrote:
> Ka-Ping Yee wrote:
>> What fraction of the 30 to 50 root CAs on your root CA list do you
>> know or have ever heard of?  Do you know their policies?  Do you know
>> their management?  Why should you trust them?
>> 
>> What makes a website legitimate is the fact that it is the website
>> you truly intended, not the fact that it happens to have paid a member
>> of the CA extortion ring.
> 
> What other way does the average non-technical user have to know that the
> secure website is the one truly intended and not a fake, except to
> rely upon a third party to do the verification for them? Self-signed
> certs certainly don't provide any of that type of assurance.

What matters is that the certificate represents the *same* organization
you created the account with, not that the certificate was purchased
from a particular company.  Browsers should help users keep track of
these identities, using mechanisms such as the petname toolbar, instead
of showing more warning dialogs or making warnings more severe.

Using a petname field to label a website is really no different than
assigning names to your IM buddies, which people already do.  Why doesn't
impersonation work on IM? [*]  Because your buddy list keeps track of who
you know.  It can be the same way, and just as easy, with Web browsers.


-- ?!ng

[*] If your IM protocol is not encrypted, you are vulnerable.  Compare
apples to apples, though: the analogy is between encrypted IM and
browsing the Web with SSL.


Re: phishing web sites using self-signed certs

2005-11-02 Thread Ka-Ping Yee
On Thu, 3 Nov 2005, Duane wrote:
> Ka-Ping Yee wrote:
>> Using a petname field to label a website is really no different than
>> assigning names to your IM buddies, which people already do.  Why doesn't
>> impersonation work on IM? [*]  Because your buddy list keeps track of who
>> you know.  It can be the same way, and just as easy, with Web browsers.
> 
> The difference being that you form a close relationship with IM buddies;
> the same can't be said for a shop you found on pricewatch.com and go
> online to purchase from...

Let's make sure we're talking about the same problem here.  When we're
talking about phishing, i assume this means a scam where someone tries
to impersonate a website you already have a relationship with -- for
example, they're trying to get your online banking password.  A petname
(or buddy-list-like) mechanism can protect you from that type of attack.

Were you thinking of a different attack?


-- ?!ng


Re: phishing web sites using self-signed certs

2005-11-02 Thread Ka-Ping Yee
On Wed, 2 Nov 2005, Julien Pierre wrote:
> Ka-Ping Yee wrote:
>>> What other way does the average non-technical user have to know that the
>>> secure website is the one truly intended and not a fake, except to
>>> rely upon a third party to do the verification for them? Self-signed
>>> certs certainly don't provide any of that type of assurance.
>> 
>> What matters is that the certificate represents the *same* organization
>> you created the account with, not that the certificate was purchased
>> from a particular company.
> 
> What account are you talking about?

The account (or other relationship) you previously established at the
website you wanted -- the one truly intended as you put it.  The
phisher wants to fool you into believing you are participating in that
relationship when in reality you are dealing with an impostor.  By
keeping note of the certificate information, your browser can tell you
reliably whether you are dealing with the same site and not an impostor.

 Assuming your IM protocol is encrypted, somehow when your IM client
 talks to an IM server, or to an IM peer, it needs to verify the identity
 of that server or peer before logging in. Encryption buys you nothing if
 your client encrypts to the wrong party.

Your buddy list should record the key that was used last time and identify
the other party by the fact that it is using the same key this time.


-- ?!ng
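The key-continuity ("petname" / buddy-list) check Ka-Ping Yee proposes here, and the objection Julien Pierre raises at the top of the thread (a changed certificate by itself cannot distinguish renewal from impersonation, and an unchanged one may have been revoked), can both be seen in a small store that remembers the certificate fingerprint under which a user labelled a site. The following Python is an added example written for this page; it is not code from the mozilla-crypto list, from Mozilla, or from any browser's petname toolbar. The hostnames and the byte strings standing in for DER-encoded certificates are constructed for the demonstration.

```python
"""Key-continuity ("petname"-style) check for a TLS site, as an added example.

Not code from the mozilla-crypto thread or from any browser. The byte strings
below stand in for DER-encoded certificates and are constructed for the demo;
a real store would hash the actual DER bytes the server presented.
"""
import hashlib
from dataclasses import dataclass, field


def fingerprint(cert_der: bytes) -> str:
    """Hex SHA-256 fingerprint of a certificate, the value a 'remember this
    certificate' store keys on."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class ContinuityStore:
    """Maps hostname -> {petname, fingerprint} recorded when the user labelled
    the site. Trust-on-first-use: the first sighting is not checked against
    anything, so the store only ever answers 'same site as before?'."""
    pins: dict = field(default_factory=dict)

    def label(self, host: str, petname: str, cert_der: bytes) -> None:
        """User assigns a petname to the site they are currently connected to."""
        self.pins[host] = {"petname": petname, "fingerprint": fingerprint(cert_der)}

    def check(self, host: str, cert_der: bytes) -> str:
        """Classify a connection against the store.

        'unknown' - host never labelled; a petname toolbar shows no name, which
                    is the cue for a look-alike phishing host.
        'same'    - identical cert to the one labelled. This says nothing about
                    revocation: a compromised-and-revoked cert still matches.
        'changed' - different cert. Legitimate renewal and an impostor on the
                    same hostname both land here; continuity alone cannot tell
                    them apart.
        """
        rec = self.pins.get(host)
        if rec is None:
            return "unknown"
        return "same" if rec["fingerprint"] == fingerprint(cert_der) else "changed"


def demo() -> dict:
    """Run the four cases the thread argues about and return their verdicts."""
    # Constructed stand-ins, not real DER.
    bank_cert = b"CONSTRUCTED-DER CN=bank.example serial=1001 key=A"
    bank_cert_renewed = b"CONSTRUCTED-DER CN=bank.example serial=1002 key=B"
    phisher_cert = b"CONSTRUCTED-DER CN=bank.example self-signed key=Z"

    store = ContinuityStore()
    store.label("bank.example", "My Bank", bank_cert)  # first visit: nothing verified
    return {
        "revisit_same_cert": store.check("bank.example", bank_cert),
        "after_legit_renewal": store.check("bank.example", bank_cert_renewed),
        "impostor_on_real_host": store.check("bank.example", phisher_cert),
        "impostor_lookalike_host": store.check("bank-example.test", phisher_cert),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:26} -> {verdict}")
```

Running demo() shows both sides of the exchange: the look-alike host gets no petname at all, which is the signal the buddy-list analogy relies on, while a legitimate renewal and an impostor on the real hostname produce the identical "changed" verdict, and a revoked-but-unchanged certificate still reads as "same".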


Re: phishing web sites using self-signed certs

2005-11-01 Thread Peter Gutmann
Nelson B [EMAIL PROTECTED] writes:

> Peter,
> 
> Please spell out for us exactly what you mean by
>> treat a cert validation failure in the same way as a network error
> 
> Do you mean to treat it as an unrecoverable error, with no option to override?
> or ??

Treat it as an unrecoverable error.  Providing non-technical users with an
opt-out screen and an "I'm feeling lucky" button to click on is just security
theatre; if you're serious about security then make it a nonrecoverable error
in the same format as [tabs across to Firefox to check what it says] a "Server
not found"-type message.  If the user is expecting to talk to a server in a
secure manner and the security fails, then it's a fatal error, not a one-click
speedbump to annoy them.

Peter.



Re: phishing web sites using self-signed certs

2005-11-01 Thread cdr

Peter Gutmann wrote:

> Treat it as an unrecoverable error...
> ...in the same format as [...] a "Server not found"-type message.

If only it was so simple...

If this was to be done, it would quickly become the best known
example of a simple-minded, ill-suited-for-the-real-world, I-know-best
attitude on the part of the programmer. We know users have a choice,
and the net result, I predict, would be their migration to other
browsers.

cdr



Re: phishing web sites using self-signed certs

2005-11-01 Thread Julien Pierre

cdr wrote:

> Peter Gutmann wrote:
> 
>> Treat it as an unrecoverable error...
>> ...in the same format as [...] a "Server not found"-type message.
> 
> If only it was so simple...
> 
> If this was to be done, it would quickly become the best known
> example of a simple-minded, ill-suited-for-the-real-world, I-know-best
> attitude on the part of the programmer. We know users have a choice,
> and the net result, I predict, would be their migration to other
> browsers.


Regardless, it is the right thing to do. If non-technical users want to 
shoot themselves in the foot, they should certainly be free to do so - 
using another browser.



Re: phishing web sites using self-signed certs

2005-11-01 Thread Julien Pierre

Ka-Ping Yee wrote:

> Refusing to accept self-signed certificates is *not* the right thing
> to do.  That would only further the notion that buying a certificate
> from one of dozens of approved CAs is what makes a website legitimate,
> which is false.
> 
> What fraction of the 30 to 50 root CAs on your root CA list do you
> know or have ever heard of?  Do you know their policies?  Do you know
> their management?  Why should you trust them?
> 
> What makes a website legitimate is the fact that it is the website
> you truly intended, not the fact that it happens to have paid a member
> of the CA extortion ring.

What other way does the average non-technical user have to know that the 
secure website is the one truly intended and not a fake, except to 
rely upon a third party to do the verification for them? Self-signed 
certs certainly don't provide any of that type of assurance.


The only valid exception may be when you are connecting to your own 
hosts over a very controlled private network. In this case no third 
party verification is necessary. But most non-technical users don't do that.



Re: phishing web sites using self-signed certs

2005-11-01 Thread Duane

Arshad Noor wrote:

> In the real world, we trust the Secretary of State (at least,
> in the US) to authenticate businesses.  They are the only
> ones authorized to issue Certificates of Incorporation that
> legitimize a US business.  (Similar agencies perform such
> functions in other countries, to the best of my knowledge).

Nice idea in theory, but everything works in theory. However, the ICANN 
issue at present is the crux of the internet trust debate: other 
governments don't trust the US govt to screw them, and vice versa. I 
don't think I'd be willing to trust most governments on the matter of 
being CAs... or any, for that matter...


--

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

In the long run the pessimist may be proved right,
but the optimist has a better time on the trip.


Re: phishing web sites using self-signed certs

2005-11-01 Thread Arshad Noor

No, I'm afraid you got that wrong.  Any site is free to do
what they want. Consumers are also free to do what they want.

However, the outlined scheme provides for a uniform way for
a consumer to trust a company's digital certificate, based on
the laws of the jurisdiction that established that company in
the real world.  As a consumer, I still get to choose whether
I trust that company or not - but the legitimacy of the
company or its digital certificate is not in question.

There is a corollary benefit to the outlined scheme: today,
as long as your credit card is good, you can get a server SSL
certificate from most CA's in the browser, regardless of who
you are.  Thus, the existing scheme, benefits attackers.  The
outlined scheme has an underlying paper-trail by default,
potentially leading to officers of the business entity who
can be held responsible for illegal activities.

Arshad Noor
StrongAuth, Inc.

cdr wrote:

> Did I get that right...? Do you seriously propose that only
> government-sanctioned sites should be capable of conducting
> secure transactions?
> 
> cdr





Re: phishing web sites using self-signed certs

2005-10-31 Thread Peter Gutmann
Nelson B [EMAIL PROTECTED] writes:

> As reported in
> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=171200010
> phishers are now using self-signed certs on their phony web sites, to make
> the lock icons appear for their web sites, to give the victims a false sense
> of security.
> 
> Of course, the victims must first dismiss a large warning dialog about
> the cert coming from an unknown issuer.  But according to the article,
> many users dismiss that dialog without any understanding of what it means.

No-one's ever done a rigorous study of this, but there is plenty of anecdotal
evidence (e.g. the site that had a large red cross and "Invalid Certificate"
on it that users had to click past before making multi-thousand-dollar
payments, the bank site with an invalid cert that didn't stop 299 of 300
users, etc etc) that cert warnings are almost completely ineffective in
stopping users from going to a web page that they want to visit.  That's why
the best strategy for this is to treat a cert validation failure in the same
way as a network error: Users know how to handle this, and it puts pressure on
site admins to get things right.

Peter.



Re: phishing web sites using self-signed certs

2005-10-31 Thread Nelson B
Peter Gutmann wrote:
> Nelson B [EMAIL PROTECTED] writes:
> 
>> As reported in
>> http://www.informationweek.com/shared/printableArticle.jhtml?articleID=171200010
>> phishers are now using self-signed certs on their phony web sites, to make
>> the lock icons appear for their web sites, to give the victims a false sense
>> of security.
>> 
>> Of course, the victims must first dismiss a large warning dialog about
>> the cert coming from an unknown issuer.  But according to the article,
>> many users dismiss that dialog without any understanding of what it means.
> 
> No-one's ever done a rigorous study of this, but there is plenty of anecdotal
> evidence (e.g. the site that had a large red cross and "Invalid Certificate"
> on it that users had to click past before making multi-thousand-dollar
> payments, the bank site with an invalid cert that didn't stop 299 of 300
> users, etc etc) that cert warnings are almost completely ineffective in
> stopping users from going to a web page that they want to visit.  That's why
> the best strategy for this is to treat a cert validation failure in the same
> way as a network error: Users know how to handle this, and it puts pressure on
> site admins to get things right.

Peter,

Please spell out for us exactly what you mean by
> treat a cert validation failure in the same way as a network error

Do you mean to treat it as an unrecoverable error, with no option to override?
or ??

Thanks for your feedback.
-- 
Nelson B


Re: phishing web sites using self-signed certs

2005-10-29 Thread Hendrik Weimer
Nelson B [EMAIL PROTECTED] writes:

> I think this is further evidence that basic (not advanced) users should
> not be able to override such cert validity errors.

Won't help much. The Phishers will start to use domain-validated certs
and I guess they won't run short of credit card numbers.

Hendrik