Who's afraid of Mallory Wolf?

NOP nop at trapped-under-ice.com
Mon Mar 24 21:19:57 EST 2003


So far, as I see it, this is not an issue of the specific SSL protocol, but of
unrestrictive browser-to-user interfacing. The only MITM attacks that have
been practical, valid attacks as of late were specific to Microsoft browser
issues when interfacing with SSL. On another note, MITM attacks on SSL are
strictly a user education issue. How many users know what a fingerprint is,
or what it is designed for? Unless we either force the browser to be that
strict and never interface with unseen or untrusted fingerprints
(impractical), what can you do?

----- Original Message -----
From: "Jeroen C. van Gelderen" <jeroen at vangelderen.org>
To: "Peter Clay" <pete at flatline.org.uk>
Cc: "Ian Grigg" <iang at systemics.com>; <cryptography at wasabisystems.com>
Sent: Monday, March 24, 2003 4:50 PM
Subject: Re: Who's afraid of Mallory Wolf?
On Monday, Mar 24, 2003, at 11:37 US/Eastern, Peter Clay wrote:

> On Sun, 23 Mar 2003, Ian Grigg wrote:
>
>> Consider this simple fact:  There has been no
>> MITM attack, in the lifetime of the Internet,
>> that has recorded or documented the acquisition
>> and fraudulent use of a credit card (CC).
>>
>> (Over any Internet medium.)
>
> How do you view attacks based on tricking people into going to a site
> which claims to be affiliated with e.g. Ebay or Paypal, getting them to
> enter their login information as usual, and using that to steal money?
>
> It's not a pure MITM attack, but the current system at least makes it
> possible for people to verify with the certificate whether or not the
> site is a spoof.

Correct. On the other hand, in a lot of cases people cannot be expected
to do the verification. This shows in the number of people that can be
tricked into being spoofed out of their passwords, even when
certificates are deployed. That is not an argument against certificates
though, it is (partially) an argument against broken user interfaces.

> Just out of interest, do you have an economic cost/benefit analysis for
> the widespread deployment of gratuitous encryption?

What makes you say it is gratuitous? Or: how can you state my privacy
is gratuitous?

> It's just not that important. If your browsing privacy is important,
> you're prepared to click through the alarming messages. If the value of
> privacy is less than the tiny cost of clicking "accept this certificate
> forever" for each site, then it's not a convincing argument for
> exposing people who don't understand crypto to the risk of MITM.

This is illogical. Even if a server operator would prefer to allow
unauthenticated encryption, he cannot do so without annoying 90% of his
customers, because they too will be getting these alarming messages. In
general, even if my browsing privacy is important to me and the server
operator is willing to accommodate me, he cannot do so.

This however still does not constitute an argument against
certificates. It can be morphed as an argument against browsers not
supporting Anonymous-DH. (Note that I'm favoring treating sites
offering ADH the same as sites offering a certificate. Each offers
different functionality which should be distinguishable in the GUI.)

Cheers,
-J
--
Jeroen C. van Gelderen - jeroen at vangelderen.org

                 The python
            has, and I fib no fibs,
              318 pairs of ribs.
       In stating this I place reliance
   On a séance with one who died for science.
     This figure is sworn to and attested;
     He counted them while being digested.
             -- Ogden Nash


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at wasabisystems.com
