Who's afraid of Mallory Wolf?

Bill Stewart bill.stewart at pobox.com
Tue Mar 25 15:22:40 EST 2003 

I get the impression that we're talking at cross-purposes here,
with at least two different discussions.  Let's look at several cases:

1 - Sites that have SSL and Expensive Certs that need them and need MITM 
protection
1a - 	These sites, but with other security holes making it easy to break in.
1b - 	These sites, broken by SSL bugs or browser bugs
2 - Sites that have SSL and Expensive Certs that don't need them,
	as long as they've got some crypto like self-signed certs,
	which don't give MITM protection
3 - Sites that don't have SSL today because it's too annoying,
	for which crypto would be useful,
	and ADH or self-signed certs would be good enough,
	because MITM isn't a big threat for them.
4 - Sites that don't need crypto.

Some people are arguing "Many Sites with SSL Certs are Type 2, Not Type 1"
	(No they're not!  Yes, they are!)
Some people are arguing "There are lots of Type 3, so we should support them
	better than we do today instead of requiring them to do Type 1"
	(I suspect that's what Ian was really trying to say,
	but most of the replies have been to the other question, e.g.
	"There are lots of Type 3!  No, there aren't many Type 2!
	Yes there *are* lots of Type 3!  No there ARENT'T many Type 2!"
	........ "Yes, there are lots of 1a, but that doesn't imply 2!"
	"Type 1+2 is 1% and 3+4 is 99%!  No, 1b was fixed"

One of the big reasons for DNSSEC was MITM protection,
at least before virtual hosting took over,
because it gave you a way to trust that the IP address you used
was the correct IP address for the domain name you wanted,
so you were probably talking to the right machine.
Of course that doesn't get you ARP-spoofing protection,
or eavesdropping protection unless you also use it as a crypto key
or at least a signature key for DH parts,
and doesn't protect you against other users on your machine
(but a shared machine doesn't have much protection anyway,
at least from root, so that was already part of your threat model,
and that's another 1-vs-1a variant, like the heavy-duty lock on your
apartment building front door when your own apartment door has a wimpy lock.)


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list