WYTM?

Bryce O'Whielacronx zooko at zooko.com
Thu Oct 16 13:51:17 EDT 2003


I am very much enjoying the discussion about threat models, web stores, etc.  
I'm interested to see a continual influx of spoofed e-mail from e-gold.com in 
my inbox, instructing me to click here to verify the safety of my account.

Here is a good rant from Schneier's "Secrets and Lies".  From Chapter 15, 
"Certificates and Credentials", section "PKIs On The Internet" (page 238).  
I will quote here the entire section.  The first couple of paragraphs are old 
hat to this audience, but if you haven't read this before then read it now.

Regards,

Zooko

   """
   PKIS ON THE INTERNET

   Most people's only interaction with a PKI is using SSL.  SSL secures web
   transactions, and sometimes PKI vendors point to it as enabling technology
   for electronic commerce.  This argument is disingenuous; no one is turned
   away at an online merchant for not using SSL.
      SSL does encrypt credit card transactions on the Internet, but it is not
   the source of security for the participants.  That security comes from credit
   card company procedures, allowing a consumer to repudiate any line item
   charge before paying the bill.  SSL protects the consumer from eavesdroppers,
   it does not protect against someone breaking into the Web site and stealing a
   file full of credit card numbers, nor does it protect against a rogue
   employee at the merchant harvesting credit card numbers.  Credit card company
   procedures protest against those threats.
      PKIs are supposed to provide authentication, but they don't even do that.
      Example one: the company F-Secure (formerly Data Fellows) sells software
   from its Web site at www.datafellows.com.  If you click to buy software, you
   are redirected to the Web site www.netsales.net, which makes an SSL
   connection with you.  The SSL certificate was issued to "NetSales, Inc.,
   Software Review LLC" in Kansas.  F-Secure is headquartered in Helsinki and
   San Jose.  By any PKI rules, no one should do business with this site.  The
   certificate received is not from the same company that sells the software.
   This is exactly what a man-in-the-middle attack looks like, and exactly what
   PKI is supposed to prevent.
      Example two: I visited www.palm.com to purchase something for my
   PalmPilot.  When I went to the online checkout, I was redirected to
   https://palmorder.modusmedia.com/asp/store.asp.  The SSL certificate was
   registered to Modus Media International; clearly a flagrant attempt to
   defraud Web customers, which I deftly uncovered because I carefully checked
   the SSL certificate.  Not.
      Has anyone ever sounded the alarm in these cases?  Has anyone not bought
   online products because the name of the certificate didn't match the name 
   on the Web site?  Has anyone but me even noticed?
      I doubt it.  It's true that VeriSign has certified this man-in-the-middle
   attack, but no one cares.  I made my purchases anyway, because the security
   comes from credit card rules, not from the SSL.  My maximum liability from a
   stolen card is $50, and I can repudiate a transaction if a fraudulent
   merchant tries to cheat me.  As it is used, with the average used not
   bothering to verify the certificates exchanged and no revocation mechanism,
   SSL is just simply a (very slow) Diffie-Hellman key-exchange method.  Digital
   certificates provide no actual security for electronic commerce; it's a
   complete sham.
   """

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list