Who's afraid of Mallory Wolf?

Ed Gerck egerck at nma.com
Tue Mar 25 15:48:08 EST 2003



Jeroen van Gelderen wrote:

> On Tuesday, Mar 25, 2003, at 14:38 US/Eastern, Ed Gerck wrote:
> > Let me sum up my earlier comments: Protection against
> > eavesdropping without MITM protection is not protection
> > against eavesdropping.
>
> You are saying that active attacks have the same cost as passive
> attacks. That is ostensibly not correct.

Cost is not the point even though cost is low and within the reach of
script kiddies.

> What we would like to do however is offer a little privacy protection
> through enabling AnonDH by flipping a switch. I do have CPU cycles to
> burn. And so do the client browsers. I am not pretending to offer the
> same level of security as SSL certs (see note [*]).

I agree with this. This is helpful. However, supporting this by
asking "Who's afraid of Mallory Wolf?" is IMO not helpful --
because we should all be afraid of MITM attacks. It's not good
for security to deny an attack that is rather easy to do today.

> I'm proposing a slight, near-zero-cost improvement[*] in the status
> quo. You are complaining that it doesn't achieve perfection. I do not
> understand that.

Your proposal is, possibly, a good option to have. However, it does not
provide credible protection against eavesdropping. It is better than
ROT13, for sure.

Essentially, you're asking for encryption without an authenticated end-point.
This is acceptable. But I suggest that advancing your idea should not be
prefaced by denying or trying to hide the real problem of MITM attacks.

Cheers,
Ed Gerck
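The point argued above, that encryption without an authenticated end-point
does nothing against an active Mallory, is illustrated by the following added
example. It is not code from this thread or from any of its participants. It
models AnonDH as plain Diffie-Hellman over the 1024-bit MODP group of RFC 2409
(the prime is transcribed here and should be checked against the RFC before
any real use), a hash-derived XOR keystream as a stand-in for the record-layer
cipher, and an HMAC under a long-term key held only by Alice and Bob as a
stand-in for a certificate-backed signature. All three choices, and the names
Alice, Bob and Mallory, are the example's own assumptions.

```python
"""Added illustration: anonymous DH versus authenticated DH against an
active man-in-the-middle. Toy record cipher; not for production use."""
import hashlib
import hmac
import secrets

# RFC 2409 "Oakley group 2" (1024-bit MODP), generator 2. Transcribed for the
# example; verify against the RFC before relying on it.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8

# Stand-in for a certificate-backed signing key: shared only by Alice and
# Bob, never by Mallory. (Assumption of this example.)
LONG_TERM_KEY = secrets.token_bytes(32)


def dh_keypair():
    """Fresh ephemeral exponent x in [1, P-2] and public value g^x mod P."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv, peer_pub):
    """Derive a 32-byte session key from the shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(P_BYTES, "big")).digest()


def stream_xor(key, data):
    """Toy counter-mode keystream (SHA-256 of key||counter) XORed into data.
    Symmetric: the same call encrypts and decrypts."""
    out = bytearray()
    for i, start in enumerate(range(0, len(data), 32)):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], block))
    return bytes(out)


def auth_tag(pub):
    """Authenticator bound to a DH public value (stand-in for a signature)."""
    return hmac.new(LONG_TERM_KEY, pub.to_bytes(P_BYTES, "big"),
                    hashlib.sha256).digest()


def verify_tag(pub, tag):
    return hmac.compare_digest(auth_tag(pub), tag)


def anonymous_exchange(message, mitm):
    """AnonDH: public values travel bare, nothing ties them to an identity.
    Returns (what Bob decrypts, what Mallory recovers or None)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    if not mitm:
        # A purely passive listener sees only g^a and g^b and cannot derive
        # the key, which is the protection AnonDH does deliver.
        key = dh_shared(a_priv, b_pub)
        return stream_xor(key, stream_xor(key, message)), None
    # Active Mallory substitutes her own values in both directions and runs
    # two independent exchanges, one with each victim.
    ma_priv, ma_pub = dh_keypair()   # Mallory's value shown to Alice
    mb_priv, mb_pub = dh_keypair()   # Mallory's value shown to Bob
    k_alice = dh_shared(a_priv, ma_pub)   # Alice keys with Mallory, unaware
    k_bob = dh_shared(b_priv, mb_pub)     # Bob keys with Mallory, unaware
    on_wire = stream_xor(k_alice, message)
    seen = stream_xor(dh_shared(ma_priv, a_pub), on_wire)   # Mallory reads
    forwarded = stream_xor(dh_shared(mb_priv, b_pub), seen)  # re-encrypts
    return stream_xor(k_bob, forwarded), seen


def authenticated_exchange(mitm):
    """Each DH value carries an authenticator Mallory cannot produce.
    Returns True if Bob accepts the value that reached him."""
    _, a_pub = dh_keypair()
    tag = auth_tag(a_pub)
    delivered_pub = dh_keypair()[1] if mitm else a_pub   # swapped in flight?
    return verify_tag(delivered_pub, tag)


if __name__ == "__main__":
    bob_got, mallory_got = anonymous_exchange(b"attack at dawn", mitm=True)
    print("AnonDH under MITM, Bob sees:", bob_got, "Mallory sees:", mallory_got)
    print("Authenticated DH under MITM, Bob accepts:", authenticated_exchange(True))
```

Note what the anonymous run shows: Bob receives the message intact and both
sides' keys agree with whoever is on the far end, so neither endpoint has any
signal that Mallory is there. The authenticator, not the extra CPU spent on
the exponentiation, is what turns the substituted value into a detectable
failure.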




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


