Who's afraid of Mallory Wolf?

Jeroen van Gelderen jeroen at vangelderen.org
Tue Mar 25 15:28:28 EST 2003


On Tuesday, Mar 25, 2003, at 14:38 US/Eastern, Ed Gerck wrote:
> Jeroen van Gelderen wrote:
>
>> 3. A significant portion of the 99% could benefit from
>>     protection against eavesdropping but has no need for
>>     MITM protection. (This is a priori a truth, or the
>>     traffic would be secured with SSL today or not exist.)
>
> Let me sum up my earlier comments: Protection against
> eavesdropping without MITM protection is not protection
> against eavesdropping.

You are saying that active attacks have the same cost as passive 
attacks. That is ostensibly not correct.

> In addition,  when you talk about HTTPS traffic (1%) vs.
> HTTP traffic (99%) on the Internet you are not talking
> about user's choices -- where the user is the party at risk
> in terms of their credit card number. You're talking about
> web-admins failing to protect third-party information they
> request.

Not at all. That assertion is nowhere to be found in my original post 
either.

I am talking about a website like -say- Cryptix (or Dilbert, or The 
Onion, or whichever). Websites where we do not have any requirement of 
offering the user any privacy whatsoever. Where we do not collect CC 
numbers. Where we do in fact not collect much of anything. And where we 
definitely don't have money for an SSL certificate. Where in fact any 
effort spent on this stuff is an incredible waste of resources.

What we would like to do however is offer a little privacy protection 
through enabling AnonDH by flipping a switch. I do have CPU cycles to 
burn. And so do the client browsers. I am not pretending to offer the 
same level of security as SSL certs (see note [*]).

Enabling AnonDH will eliminate passive attacks at near zero cost and 
thus *raise* *the* *cost* of eavesdropping. For one it will render mere 
recording of HTTP traffic useless, which, in my book is a plus. We 
obviously don't care to *eliminate* eavesdropping because we are 
happily putting up with that today.

You seem to be asserting that increasing the cost of eavesdropping by a 
small amount is worthless. I'm sorry but I don't see how that makes 
sense. It is the difference between simply mirroring Google's OC48 to 
an NSA-owned port on the switch and redirecting the OC48 through a 
real-time, low-latency NSA-owned MITM device. Without being detected.

I'm proposing a slight, near-zero-cost improvement[*] in the status 
quo. You are complaining that it doesn't achieve perfection. I do not 
understand that.

Cheers,
Jeroen

[*]

"Now, this could be achieved by enabling AnonDH in the SSL 
infrastructure and making sure that the 'lock icon' is *not* 
*displayed* when AnonDH is in effect. Also, servers should enable and 
support AnonDH by default, unless disabled for performance reasons."

-- 
Jeroen C. van Gelderen - jeroen at vangelderen.org

"They accused us of suppressing freedom of expression.
This was a lie and we could not let them publish it."
   -- Nelba Blandon,
      Nicaraguan Interior Ministry Director of Censorship


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



More information about the cryptography mailing list