Who's afraid of Mallory Wolf?

Trevor Perrin trevp at trevp.net
Mon Mar 24 14:35:23 EST 2003


At 11:10 PM 3/23/2003 -0500, Ian Grigg wrote:
>Automatically generated self-
>signed FREEDOM CERTIFICATES, as a convenient
>temporary measure until widespread Anonymous-
>Diffie-Hellman is deployed in the field, would
>appear to strike the quickest and most cost-
>effective blow for Browsing Liberty [2].

Even if Anonymous DH was widely deployed, it might be better to use 
self-signed certs, or certs signed by an untrusted root - the browser could 
remember the cert, and warn the user "this site has a different identity 
than last time".  Or the browser could log the certs that are used for 
connections, and at some later date, if the user suspected MITM attacks, 
the user could review the logs for discrepancies - thus giving, if not 
"tamper resistance" against MITM attacks, at least the possibility for 
post-facto "tamper detection".

However, changing https to allow untrusted root certs without warnings 
might not be a good idea - users expect an https URL to be authenticated, 
so this changes the semantics.

Maybe unauthenticated, i.e. "opportunistic", encryption in HTTP with SSL/TLS 
should happen via something like the RFC 2817 upgrade mechanism? (I believe 
this particular mechanism has problems).  The server could advertise that 
it supports opportunistic encryption, and a browser could choose it 
automatically, and the user wouldn't even be notified.  Then https 
semantics could be left unchanged.

Trevor 
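
The remember-and-warn and log-for-later-review ideas from the message above, sketched as an added example (not part of the original post, and not any browser's code). The class, its method names and the sample certificate bytes are hypothetical; in real use the DER bytes would come from something like `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import hashlib

class CertContinuityStore:
    def __init__(self):
        self.pins = {}   # (host, port) -> fingerprint remembered from first use
        self.log = []    # append-only record of every connection observed

    @staticmethod
    def fingerprint(der_cert):
        return hashlib.sha256(der_cert).hexdigest()

    def observe(self, host, port, der_cert, when):
        """Log the connection, then compare against the remembered cert."""
        key = (host.lower().rstrip("."), port)
        fp = self.fingerprint(der_cert)
        self.log.append((when, key, fp))
        if key not in self.pins:
            self.pins[key] = fp
            return "first-use"
        # A changed cert never replaces the pin silently; the user decides.
        return "match" if self.pins[key] == fp else "changed"

    def accept(self, host, port, der_cert):
        """Explicit user decision to trust a new certificate for this site."""
        self.pins[(host.lower().rstrip("."), port)] = self.fingerprint(der_cert)

    def discrepancies(self):
        """Post-facto review: sites whose logged fingerprint changed over time."""
        history, found = {}, {}
        for when, key, fp in sorted(self.log):
            seen = history.setdefault(key, [])
            if seen and seen[-1] != fp:
                found.setdefault(key, []).append((when, seen[-1][:16], fp[:16]))
            seen.append(fp)
        return found

# Constructed sample input: opaque byte strings standing in for DER certificates.
CERT_A = b"constructed-der-cert-A"
CERT_B = b"constructed-der-cert-B"

def demo():
    store = CertContinuityStore()
    results = [
        store.observe("shop.example", 443, CERT_A, 1000),   # first visit
        store.observe("Shop.Example.", 443, CERT_A, 2000),  # same site, same cert
        store.observe("shop.example", 443, CERT_B, 3000),   # different identity
        store.observe("shop.example", 443, CERT_A, 4000),   # original cert again
    ]
    return results, store.discrepancies()

if __name__ == "__main__":
    print(demo())
```

A cert that changes and then changes back, as in the sample, shows up as two entries in the review, which is the pattern a transient interception would leave in the log.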


---------------------------------------------------------------------
The Cryptography Mailing List