Who's afraid of Mallory Wolf?

Peter Clay pete at flatline.org.uk
Mon Mar 24 11:37:03 EST 2003


On Sun, 23 Mar 2003, Ian Grigg wrote:

> Consider this simple fact:  There has been no
> MITM attack, in the lifetime of the Internet,
> that has recorded or documented the acquisition
> and fraudulent use of a credit card (CC).
> 
> (Over any Internet medium.)

How do you view attacks based on tricking people into going to a site
which claims to be affiliated with e.g. eBay or PayPal, getting them to
enter their login information as usual, and using that to steal money?

It's not a pure MITM attack, but the current system at least makes it
possible for people to verify with the certificate whether or not the site
is a spoof.

> So, let's guess the cost of each CC lost to our
> MITM as $1000.  (Pick your own number if you
> don't like that one.)
> 
> Then, how many attacks?  None, from the above.
> 
> Multiplied together, and you get ... nothing.

So, you claim that a system designed to make MITM attacks impossible has
not suffered a successful MITM attack. Sounds rather tautologous to me.

> The software mandates it:  mostly the browsers,
> but also the servers, are configured to kick up
> a stink at the thought of talking to a site that
> has no certificate.

> As such, SSL, as implemented, shows itself to
> include a gross failure of engineering.

The system was engineered very well to requirements with which you
disagree.

> [2] AFAIR, Anonymous-Diffie-Hellman, or ADH, is
> inside the SSL/TLS protocol, and would represent
> a mighty fine encrypted browsing opportunity.
> Write to your browser coder today and suggest
> its immediate employment in the fight against
> the terrorists with the flappy ears.

Just out of interest, do you have an economic cost/benefit analysis for
the widespread deployment of gratuitous encryption?

It's just not that important. If your browsing privacy is important,
you're prepared to click through the alarming messages. If the value of
privacy is less than the tiny cost of clicking "accept this certificate
forever" for each site, then it's not a convincing argument for exposing
people who don't understand crypto to the risk of MITM.

Pete
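
The ADH question above (encryption with no certificate, and the MITM exposure that goes with it) is easy to see in code. The following Python is an added illustration and is not part of Peter's or Ian's posts or of any SSL/TLS implementation: it uses a constructed toy Diffie-Hellman group (the Mersenne prime 2**127 - 1, generator 5), an ad-hoc encrypt-then-MAC stream cipher standing in for the record layer, the names Alice, Bob and Mallory, a "certificate" modelled as a dict carrying Bob's long-term public value, and a made-up card number as the secret being protected. It runs the same active attack twice: once against an anonymous (ephemeral, unauthenticated) exchange, where Mallory reads and relays the traffic undetected, and once where Alice computes her key from the certified long-term value, where Mallory's substitution leaves her without Alice's key and the session fails instead of leaking.

```python
"""Constructed demo: anonymous DH resists only a passive eavesdropper;
a long-term key bound to the server (what the certificate carries)
stops an active Mallory.  Toy group, toy cipher, no TLS framing."""
import hashlib
import hmac
import secrets

# Constructed toy group: p = 2**127 - 1 (a Mersenne prime), g = 5.
# Real deployments use standardised groups; this is only large enough
# to make the arithmetic non-trivial.
P = 2**127 - 1
G = 5

# Constructed sample secret; not a real card number.
CARD = b"4111111111111111 exp 03/05"


def dh_keypair():
    """Return (secret, public) with public = g^secret mod p."""
    secret = secrets.randbelow(P - 2) + 1
    return secret, pow(G, secret, P)


def session_key(secret, peer_public):
    """Derive a 32-byte key from the shared value (peer_public)^secret mod p."""
    shared = pow(peer_public, secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def keystream(key, n):
    """SHA-256 in counter mode; ad-hoc, only for the demo."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, plaintext):
    """Encrypt-then-MAC with a 32-byte HMAC-SHA256 tag appended."""
    ct = bytes(m ^ k for m, k in zip(plaintext, keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Verify the tag, then strip the keystream; wrong key -> ValueError."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, len(ct))))


def anonymous_dh_with_mallory():
    """ADH: both sides use fresh values nobody vouches for.  Mallory runs
    one exchange with Alice and another with Bob; neither can tell."""
    a_sec, a_pub = dh_keypair()      # Alice's ephemeral value
    b_sec, b_pub = dh_keypair()      # Bob's ephemeral value
    m1_sec, m1_pub = dh_keypair()    # Mallory's value shown to Bob
    m2_sec, m2_pub = dh_keypair()    # Mallory's value shown to Alice

    # Mallory swaps the public values in flight.
    alice_sees, bob_sees = m2_pub, m1_pub

    k_alice = session_key(a_sec, alice_sees)    # Alice <-> Mallory
    k_bob = session_key(b_sec, bob_sees)        # Bob <-> Mallory
    k_m_alice = session_key(m2_sec, a_pub)      # same key as k_alice
    k_m_bob = session_key(m1_sec, b_pub)        # same key as k_bob

    blob = encrypt(k_alice, CARD)
    stolen = decrypt(k_m_alice, blob)           # Mallory reads it ...
    relayed = encrypt(k_m_bob, stolen)          # ... and re-encrypts for Bob
    return {"mallory_read": stolen == CARD,
            "bob_received": decrypt(k_bob, relayed) == CARD}


def certified_dh_with_mallory():
    """Bob's long-term public value reaches Alice in a 'certificate' she
    already trusts (the role the CA-signed cert plays in SSL).  Mallory
    can still replace Alice's value toward Bob, but cannot derive the
    key Alice computes, so the session fails rather than leaking."""
    b_long_sec, b_long_pub = dh_keypair()
    certificate = {"subject": "bob.example", "dh_public": b_long_pub}  # constructed

    a_sec, a_pub = dh_keypair()
    m_sec, m_pub = dh_keypair()
    bob_sees = m_pub                                  # Mallory's substitution

    k_alice = session_key(a_sec, certificate["dh_public"])  # g^(a*s)
    k_bob = session_key(b_long_sec, bob_sees)                # g^(m*s)
    k_m_bob = session_key(m_sec, b_long_pub)                 # g^(m*s), Mallory's side

    blob = encrypt(k_alice, CARD)
    # Mallory knows a_pub, m_sec and b_long_pub, but neither a_sec nor
    # b_long_sec; the only key she holds is the one she shares with Bob.
    try:
        decrypt(k_m_bob, blob)
        mallory_read = True
    except ValueError:
        mallory_read = False
    return {"mallory_read": mallory_read,
            "alice_bob_keys_match": k_alice == k_bob}


if __name__ == "__main__":
    print("anonymous DH:", anonymous_dh_with_mallory())
    print("certified DH:", certified_dh_with_mallory())
```

The second scenario models the certificate as a trusted long-term DH value rather than a signed ephemeral one, which is enough to show the point: once Alice's key is tied to something Mallory cannot replace, an active attacker is reduced to a passive one, and the passive one learns nothing. Whether the browser's certificate warning is a good way to deliver that trust to people who do not understand crypto is exactly the question the thread is arguing about.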


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com