Who's afraid of Mallory Wolf?
Jeroen van Gelderen
jeroen at vangelderen.org
Tue Mar 25 15:28:28 EST 2003
On Tuesday, Mar 25, 2003, at 14:38 US/Eastern, Ed Gerck wrote:
> Jeroen van Gelderen wrote:
>
>> 3. A significant portion of the 99% could benefit from
>> protection against eavesdropping but has no need for
>> MITM protection. (This is a priori a truth, or the
>> traffic would be secured with SSL today or not exist.)
>
> Let me sum up my earlier comments: Protection against
> eavesdropping without MITM protection is not protection
> against eavesdropping.
You are saying that active attacks have the same cost as passive
attacks. That is ostensibly not correct.
> In addition, when you talk about HTTPS traffic (1%) vs.
> HTTP traffic (99%) on the Internet you are not talking
> about user's choices -- where the user is the party at risk
> in terms of their credit card number. You're talking about
> web-admins failing to protect third-party information they
> request.
Not at all. That assertion is nowhere to be found in my original post
either.
I am talking about a website like -say- Cryptix (or Dilbert, or The
Onion, or whichever). Websites where we do not have any requirement of
offering the user any privacy whatsoever. Where we do not collect CC
numbers. Where we do in fact not collect much of anything. And where we
definitely don't have money for an SSL certificate. Where in fact any
effort spent on this stuff is an incredible waste of resources.
What we would like to do however is offer a little privacy protection
through enabling AnonDH by flipping a switch. I do have CPU cycles to
burn. And so do the client browsers. I am not pretending to offer the
same level of security as SSL certs (see note [*]).
Enabling AnonDH will eliminate passive attacks at near zero cost and
thus *raise* *the* *cost* of eavesdropping. For one it will render mere
recording of HTTP traffic useless, which, in my book is a plus. We
obviously don't care to *eliminate* eavesdropping because we are
happily putting up with that today.
You seem to be asserting that increasing the cost of eavesdropping by a
small amount is worthless. I'm sorry but I don't see how that makes
sense. It is the difference between simply mirroring Google's OC48 to
an NSA-owned port on the switch and redirecting the OC48 through a
real-time, low-latency NSA-owned MITM device. Without being detected.
I'm proposing a slight, near-zero-cost improvement[*] in the status
quo. You are complaining that it doesn't achieve perfection. I do not
understand that.
Cheers,
Jeroen
[*]
"Now, this could be achieved by enabling AnonDH in the SSL
infrastructure and making sure that the 'lock icon' is *not*
*displayed* when AnonDH is in effect. Also, servers should enable and
support AnonDH by default, unless disabled for performance reasons."
--
Jeroen C. van Gelderen - jeroen at vangelderen.org
"They accused us of suppressing freedom of expression.
This was a lie and we could not let them publish it."
-- Nelba Blandon,
Nicaraguan Interior Ministry Director of Censorship
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
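The passive-versus-active distinction the message turns on, as an added illustration that is not part of the original thread: a toy anonymous Diffie-Hellman exchange in Python showing that a recorded transcript alone yields no session key, that an in-path party can still split the session in two because nothing is authenticated, and the footnote's rule that the padlock is never shown for an anonymous suite. The group parameters are constructed for readability and are not a standardised DH group.

```python
# Constructed demo group: a 127-bit Mersenne prime with a small generator.
# It is NOT a standardised DH group and far too small for real use; it only
# keeps the arithmetic cheap enough to follow.
P = 2**127 - 1
G = 5


def dh_public(priv):
    return pow(G, priv, P)


def dh_shared(peer_pub, priv):
    return pow(peer_pub, priv, P)


def anon_dh(client_priv, server_priv):
    """Plain anonymous DH: each side sends g^x and nobody signs anything.
    Returns the wire transcript plus the key each side derived."""
    client_pub, server_pub = dh_public(client_priv), dh_public(server_priv)
    transcript = {"client_pub": client_pub, "server_pub": server_pub}
    client_key = dh_shared(server_pub, client_priv)
    server_key = dh_shared(client_pub, server_priv)
    return transcript, client_key, server_key


def passive_eavesdropper(transcript):
    """A recorded transcript holds only g^a and g^b; turning that into the
    session key needs a discrete logarithm, so a mere packet capture is useless."""
    return dict(transcript)  # nothing secret is on the wire to extract


def active_mitm(client_priv, server_priv, mitm_priv):
    """With no side authenticated, an in-path party can run one DH with each
    end and relay in the clear. This is exactly what AnonDH does not stop and
    why the padlock must stay hidden."""
    mitm_pub = dh_public(mitm_priv)
    client_key = dh_shared(mitm_pub, client_priv)   # client took mitm_pub for the server
    server_key = dh_shared(mitm_pub, server_priv)   # server took mitm_pub for the client
    mitm_with_client = dh_shared(dh_public(client_priv), mitm_priv)
    mitm_with_server = dh_shared(dh_public(server_priv), mitm_priv)
    return client_key, server_key, mitm_with_client, mitm_with_server


def show_lock_icon(cipher_suite):
    """UI rule from the footnote: never display the lock for an anonymous suite."""
    return "anon" not in cipher_suite.lower()
```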