Re: GeoTrust/QuickSSL and the meaning of Certs

From: Robert L Mathews (lists@tigertech.com)
Date: Wed Dec 05 2001 - 03:09:37 EST


At 12/4/01 10:02 PM, Eric Smith wrote:

>But my point is that this [encryption without authentication] gains
>nothing.

Well, I guess we disagree, then. I think it gains something: it stops the
guy in the next cubicle, or the guy in the colo facility, from stealing
my credit card number or passwords by sniffing Ethernet packets, which I
would guess is perhaps a more likely attack than someone setting up a
man-in-the-middle site hijacking.

>If I connect to foobar-random-losers.com that uses a self-signed
>certificate, I have no expectation of any security or privacy. I might
>be connecting to people who have hijacked the domain.

[stuff snipped]

>On the internet, on the other hand, there are *trivial* attacks to
>divert or eavesdrop on traffic that can be mounted from halfway
>around the planet. Sending valuable data over a non-SSL link, or an
>SSL link where the other party uses a self-signed certificate that
>you can't verify, is just asking for trouble.

Well, if we're assuming someone can intercept and alter packets, I gave
an example in my previous message of a situation where someone could
trivially hijack an "authenticated" domain, too. He simply obtains a
certificate for a reasonable-looking URL, then uses a man-in-the-middle
attack to change the non-secure version of a site so that compromised
"secure" links appear. For example, he intercepts traffic for
http://www.tigertech.com/ and replaces the https://www.tigertech.com/
secure ordering link with one pointing to (for example)
https://software-payments.com/, which he owns and has obtained a
certificate for. Unless the customer knows by some external means that
the secure link shouldn't actually go to https://software-payments.com/,
authentication does no good whatsoever.

I often see secure ordering links that take you to a different "store"
URL that seems completely unrelated (other than page design), and with
which I'm unfamiliar; any of those could be hijackings, and I doubt many
of us sophisticates think twice about it. Realistically, if you came
across a link on my site that said you can order my software through
https://software-payments.com/, and found a reasonable-looking secure
page when you got there, I doubt you'd think twice -- you'd have no way
of knowing my non-secure site links had been hijacked.

As I said, I completely agree that authentication *is* useful in many
cases, and does add a lot of security if you can externally verify that
the information the CA attested to (company's physical address, for
example) is correct. But for some other uses, people are going to accept
the certificates blindly without verifying (or even being able to verify)
that they're accurate. In these cases, why should I have to pay for
(expensive) authentication just so I can use (free) encryption?

Anyway, this is off topic and I'll shut up. I guess my on-topic comment
is that like everyone else, I'm completely in favor of cheaper
certificates that are authenticated only by the domain's admin contact,
so it seems there's no disagreement between any of us as to the relevant
issue :-)

--
Robert L Mathews, Tiger Technologies
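As an added example (not part of the message above, nor anything from Tiger Technologies), here is one way a site operator could check for the link substitution the message describes: fetch the non-secure page the way a customer would and flag every HTTPS link or form target whose origin is not on the list of servers allowed to receive order data. The sample page, the hostnames and the allowed-origin set are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _LinkCollector(HTMLParser):
    """Collects href/action/src targets from a page, resolved to absolute URLs."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []  # list of (tag, absolute_url) in document order
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("href", "action", "src"):
                self.links.append((tag, urljoin(self.base_url, value)))

def find_offsite_secure_links(page_url, html, allowed_origins):
    """Return (tag, url) pairs for HTTPS links whose origin is not allowed.

    allowed_origins is the set of "https://host[:port]" origins that may
    legitimately receive sensitive data (the site's own secure ordering
    server). Anything else is a candidate for the substituted "secure" link
    described in the message and should be reviewed.
    """
    parser = _LinkCollector(page_url)
    parser.feed(html)
    findings = []
    for tag, url in parser.links:
        parts = urlsplit(url)
        if parts.scheme != "https":
            continue  # plain links are out of scope here
        origin = f"{parts.scheme}://{parts.netloc.lower()}"
        if origin not in allowed_origins:
            findings.append((tag, url))
    return findings

# Constructed sample: a product page as a tampered copy might reach the client.
# Hostnames are placeholders invented for this example.
SAMPLE_PAGE_URL = "http://www.example-store.test/products.html"
SAMPLE_HTML = """
<a href="/about.html">About</a>
<a href="https://www.example-store.test/order">Order (expected)</a>
<a href="https://payments-example.test/order">Order (substituted)</a>
<form action="https://payments-example.test/submit"><input name="cc"></form>
"""
ALLOWED_ORIGINS = {"https://www.example-store.test"}

if __name__ == "__main__":
    for tag, url in find_offsite_secure_links(SAMPLE_PAGE_URL, SAMPLE_HTML, ALLOWED_ORIGINS):
        print(f"review: <{tag}> sends users to {url}")
```

Run against a fetched copy of each public page on a schedule; a new off-list HTTPS target is exactly the change a customer would not notice on their own.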



This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:36:53 EDT