Who's afraid of Mallory Wolf?

Ian Grigg iang at systemics.com
Mon Mar 24 19:03:50 EST 2003


On Monday 24 March 2003 14:11, David Turner wrote:
> Grigg counts the benefits of living in a MITM-protected world (no MITM
> attacks recorded), as though they would happen with or without MITM
> protection.  Is there any reason to believe that this is, in fact,
> true?

That is indeed the question, sans personal
issues.

> That is, if zero dollars were spent on MITM protection, would
> there still be no recorded attacks?

Actually, I think that if zero dollars had been
spent on MITM protection for SSL, then there
may well have been some MITM attacks.

That then would be a good position to be in,
because we could measure the costs of those
attacks, and decide from a monetary perspective
whether protection at the level of requiring
signed certificates is a good thing or just a
waste of money.

My own guess is that MITM activity is so low
across all domains of the net that we would
not be able to reliably measure it, and if we
could measure it, we'd find it not sufficient
to mandate certificates as is currently done.

Which - to repeat - is not to remove certs
from the servers or browser, but to change
the way in which we assume that "only
cert-protected browsing is good enough."

The certs are really good for high end sites
(because, economically, they return benefits
even if there was no MITM threat).

But why are they needed for smaller things?
Why do I need a certificate to run an SSL
server so that my family can share snapshots
for instance?  Just a hypothetical...

> Until that's answered, Grigg's
> "economic" analysis is flawed.
> 
> "I used to get picked on, but since I bulked up and learned karate,
> nobody's picked on me.  I guess it was pointless to do those things."

You provided your own answer :-)  You used
to get picked on, so you had a measure of
its cost.  You acted to defend against those
costs.

Did you ever get MITM'd?  Anywhere?  Any
time?  Anyone you know?

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List