Five Theses on Security Protocols

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Aug 1 07:20:51 EDT 2010


Guus Sliepen <guus at sliepen.org> writes:

>But, if you query an online database, how do you authenticate its answer? If
>you use a key for that or SSL certificate, I see a chicken-and-egg problem.

What's your threat model?  At the moment if I get a key from a PGP keyserver
for a random contact I have no way of authenticating it (it may be signed, but
I have no idea who the signers are), I just hope the key's the right one.  The
ability to receive email at the given address helps prove it's them, and the
ability to reply indicates proof of possession of the private key.

In this case if I want to know whether (say) a Verisign-issued cert is valid I
go to www.verisign.com and ask.  Sure, you can defeat this with a fair bit of
effort, but doing a live MITM on a random TCP connection from an arbitrary
user just doesn't scale as well as spamming out a zillion phishing emails
and waiting for users to come to my botnet.  The point isn't to create a
perfect defence but to raise the bar sufficiently that attackers can no longer
profitably use it as an attack vector.

In any case for this specific case DNSSEC will be along any minute to save us
all, so we don't have to worry about it any more.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
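As an added illustration that is not part of Peter Gutmann's message or the list discussion: the check described above (look the key up on a keyserver, mail a challenge to the address, and treat a correct reply as proof of possession of the private key) written out as a small Go program. The keyserver, the mailbox, the address alice@example.org and the use of RSA-OAEP for the challenge are all constructed for this example; a real keyserver fetch and a real mail round-trip are replaced by in-process calls. The point it shows is the one in the message: an attacker who merely uploads their own key under someone else's address is caught, because the party who actually receives the mail cannot decrypt the challenge; defeating the check requires also intercepting that user's mail, which is the live-MITM effort the message argues does not scale.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Keyserver models a PGP-style keyserver: it maps an email address to whatever
// public key was last uploaded for it. Uploads are not vetted, so an attacker can
// publish a key of their own under any address. (Constructed for this example.)
type Keyserver map[string]*rsa.PublicKey

// Mailbox is the party that can actually read mail at Address, together with the
// private key that party really holds.
type Mailbox struct {
	Address string
	Priv    *rsa.PrivateKey
}

// challenge encrypts a fresh random nonce to pub. Only the holder of the
// matching private key can recover the nonce and echo it back.
func challenge(pub *rsa.PublicKey) (nonce, ciphertext []byte, err error) {
	nonce = make([]byte, 32)
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte("key-check"))
	if err != nil {
		return nil, nil, err
	}
	return nonce, ciphertext, nil
}

// Reply models the mailbox owner answering the challenge with the key they hold.
// If the keyserver handed out somebody else's key, this decryption fails.
func (m *Mailbox) Reply(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, m.Priv, ciphertext, []byte("key-check"))
}

// VerifyPossession fetches the key the keyserver returns for addr, "mails" a
// challenge encrypted to that key to the address, and reports whether the reply
// carries the nonce. It returns true only when the party reachable at addr holds
// the private key matching the published public key.
func VerifyPossession(ks Keyserver, addr string, recipient *Mailbox) (bool, error) {
	pub, ok := ks[addr]
	if !ok {
		return false, fmt.Errorf("no key on keyserver for %s", addr)
	}
	nonce, ct, err := challenge(pub)
	if err != nil {
		return false, err
	}
	reply, err := recipient.Reply(ct)
	if err != nil {
		// Decryption failed: the published key is not the one the mailbox owner has.
		return false, nil
	}
	return bytes.Equal(reply, nonce), nil
}

// Scenario runs the check twice: first with the owner's real key on the
// keyserver, then after an attacker overwrites it with a key they control.
// The owner still receives the mail in both cases (no MITM on the mail path).
func Scenario() (honest bool, substituted bool, err error) {
	ownerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	attackerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	owner := &Mailbox{Address: "alice@example.org", Priv: ownerKey} // constructed identity
	ks := Keyserver{owner.Address: &ownerKey.PublicKey}

	if honest, err = VerifyPossession(ks, owner.Address, owner); err != nil {
		return false, false, err
	}

	// Attacker uploads their own key under Alice's address; nothing stops them.
	ks[owner.Address] = &attackerKey.PublicKey
	if substituted, err = VerifyPossession(ks, owner.Address, owner); err != nil {
		return false, false, err
	}
	return honest, substituted, nil
}

func main() {
	honest, substituted, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("owner's own key verifies:        %v\n", honest)
	fmt.Printf("attacker-substituted key verifies: %v\n", substituted)
}
```

What the check does not do is bind the key to a person: it only ties the key to whoever reads mail at the address, which is exactly why the message frames the question in terms of a threat model rather than perfect authentication.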
