Who's afraid of Mallory Wolf?
Trevor Perrin
trevp at trevp.net
Mon Mar 24 14:35:23 EST 2003

At 11:10 PM 3/23/2003 -0500, Ian Grigg wrote:
>Automatically generated self-signed FREEDOM CERTIFICATES, as a
>convenient temporary measure until widespread Anonymous-Diffie-Hellman
>is deployed in the field, would appear to strike the quickest and most
>cost-effective blow for Browsing Liberty [2].

Even if Anonymous DH was widely deployed, it might be better to use
self-signed certs, or certs signed by an untrusted root - the browser could
remember the cert, and warn the user "this site has a different identity
than last time". Or the browser could log the certs that are used for
connections, and at some later date, if the user suspected MITM attacks,
the user could review the logs for discrepancies - thus giving, if not
"tamper resistance" against MITM attacks, at least the possibility for
post-facto "tamper detection".

However, changing https to allow untrusted root certs without warnings
might not be a good idea - users expect an https URL to be authenticated,
so this changes the semantics.

Maybe unauthenticated, i.e. "opportunistic", encryption in HTTP with SSL/TLS
should happen via something like the RFC 2817 upgrade mechanism? (I believe
this particular mechanism has problems). The server could advertise that
it supports opportunistic encryption, and a browser could choose it
automatically, and the user wouldn't even be notified. Then https
semantics could be left unchanged.

Trevor
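
The remember-and-warn and log-and-review ideas in the message above, as an added Python example that is not part of the original post. `CertMemory`, its method names, the host names and the certificate bytes are all constructed for illustration.

```python
import hashlib


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes exactly as the server presented them."""
    return hashlib.sha256(cert_der).hexdigest()


class CertMemory:
    """Remembers the first certificate seen per host and logs every connection."""

    def __init__(self):
        self.pinned = {}  # host -> fingerprint remembered from first contact
        self.log = []     # append-only (timestamp, host, fingerprint) records

    def observe(self, host: str, cert_der: bytes, when: int) -> str:
        fp = fingerprint(cert_der)
        self.log.append((when, host, fp))  # logged even when nothing looks wrong
        if host not in self.pinned:
            self.pinned[host] = fp
            return "first-use"   # nothing to compare against yet
        if self.pinned[host] == fp:
            return "match"
        # "Different identity than last time": the old pin is kept so the
        # warning repeats. A legitimate key rotation lands here too; this
        # code cannot tell the two cases apart.
        return "changed"

    def discrepancies(self) -> dict:
        """Post-facto review: hosts that presented more than one certificate,
        with the time each distinct fingerprint was first seen."""
        seen = {}
        for when, host, fp in self.log:
            entries = seen.setdefault(host, [])
            if all(fp != known for _, known in entries):
                entries.append((when, fp))
        return {host: e for host, e in seen.items() if len(e) > 1}


if __name__ == "__main__":
    # Constructed stand-ins for DER-encoded certificates.
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
    memory = CertMemory()
    for t, cert in enumerate([cert_a, cert_a, cert_b], start=1):
        print(t, memory.observe("shop.example", cert, t))
    print(memory.discrepancies())
```
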
---------------------------------------------------------------------
The Cryptography Mailing List