man in the middle, SSL ... addenda 2

Anne & Lynn Wheeler lynn at garlic.com
Wed Feb 7 13:44:28 EST 2007 

so the assertion in the previous post
http://www.garlic.com/~lynn/aadsm26.htm#30 man in the middle, SSL

was that sitekey as being introduced because of shortcomings in SSL countermeasures to
man-in-the-middle attacks .... however sitekey only deals with simple impersonation
and is easily defeated with a man-in-the-middle attack

in earlier post
http://www.garlic.com/~lynn/aadsm26.htm#27 man in the middle, SSL

there was reference to SSL attempting to address man-in-the-middle attacks and 
"are you really talking to the server that you think you are talking to". 
however, SSL might be better characterized as verifying that the operator of the webserver is the owner  of the corresponding domain name ... aka a digital 
certificate & pki operation  demonstrates that the operator of the webserver 
has use of the private key that corresponds to the "public key" in the digital 
certificate ... bound to the domain name. The browser than validates that the 
domain name in the URL is the same as  the domain name in the (validated) digital certificate.

one of my assertions is that problems cropped up when the public started associating
webservers with buttons that they clicked on ... significantly degrading any 
association in most of the publics' mind between URLs and the webserver. Since
the public weren't effectively associating URLs with webservers ... and the only
function provided by SSL (as countermeasure to man-in-the-middle attacks) was validating 
the correspondence between the URL and the webserver .... a widening security gap
exists between the "buttons" that the public associate with webservers and the URL,
which is the unit of validation by SSL

one conclusion is if countermeasures are introduced that don't actually
address the actual security vulnerabilities ... then they may not be able
to eliminate those security vulnerabilities.

so one countermeasure that has been introduced (to close some part of the security gap) 
is by some of the email clients which look for "buttons" in the content ... and if the 
label of the button appears to be a url/http ... it checks if the actual url/http is the 
same as the claimed url/http. if they don't match ... the email client will flag the 
email as potential problem. The simple countermeasure by attackers ... is to not use a 
http/url label for the button (i.e. just label the button something else, say the 
name of some financial institution).

Another kind of approach trying to close the gap between what the people associate with 
webservers and the actual URL used ... is to take a page out of PGP and have a list of 
"trusted" urls (or at least domain names). Browsers display the assigned trust level 
recorded for that domain name used in the URL (and then SSL verifies that the webserver 
contacted is actually the webserver for that URL). This would start to provide a mechanism  for closing the gap between what the public deals with and the part of 
the infrastructure being checked by SSL.

(at least) two problems with this approach:

1) a repository of URL trust levels is almost identical to a trusted public key repository (directly used by PGP). the repository could directly record both the 
URL, the public key  for that URL as well as the associated trust level. 
this would be another demonstration  of digital certificates being redundant 
and superfluous in an online world and would provide  the basis for a more trusted
environment than the current SSL operation .... misc. past posts mentioning
certificateless public key operation
http://www.garlic.com/~lynn/subpubkey.html#certless

2) so the new (old) attack is social engineering attempting to get people to click on 
various  buttons that change the trust level in their local trust repository. 
however, that also  exists today ... social engineering to get people to load 
certification authority digital certificates into their local (certificate 
authority public key) repository.

so number #1 doesn't eliminate all possible attacks ... however, it actually 
addresses one of the identified security vulnerabilities/attacks ... as opposed 
to supplying "fixes" for things other than what is actually broken.  

lots of past posts mentioning ssl domain name certificates .... including posts in
long thread about the certificates providing more of a feeling of "comfort", as opposed 
to actually security, integrity, trust, etc. 
http://www.garlic.com/~lynn/subpubkey.html#sslcert

note that #1, in attempt to close the gap between what the public associates with 
websites ... and what is SSL is validated for a website (i.e. some chance that the 
operator of a webserver reached by the domain name in the URL is the same as the owner 
of that domain name) ... it can actually close some of the gaps ... but in doing so, it 
increases the need for endpoints with some level of integrity ... and/or it leaves the 
end-points as possibly the weaskest link in the trust chain. also as outlined in #1, the 
possibly integrity improvement that comes from a local trust repository ... can also 
result in making digital certificates even more redundant and superfluous (doesn't 
reduce the need for public key operations ... just further reduces the need for digital 
certificates as a trust mechanism) ... this is similar to other examples where improving 
levels of trusts, also reduce the need for digital certificates as a trust mechanism ... 
misc. related posts on the subject
http://www.garlic.com/~lynn/subpubkey.html#catch22
 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list