SSL, client certs, and MITM (was WYTM?)

Tom Otvos tom.otvos at rogers.com
Wed Oct 22 17:42:22 EDT 2003


>
> Nobody doubts that it can occur, and that it *can*
> occur in practice.  It is whether it *does* occur
> that is where the problem lies.
>

Or, whether it gets reported if it does occur.

> The question is one of costs and benefits - how much
> should we spend to defend against this attack?  How
> much do we save if we do defend?
>

Absolutely true.  If the "only" effect of a MITM is loss of privacy, then that is certainly a
lower-priority item to fix than some quick cash scheme.  So the "threat model" needs to clearly
define who the bad guys are, and what their motivations are.  But then again, if I am the victim of
a MITM attack, even if the bad guy did not financially gain directly from the attack (as in, getting
my money or something for free), I would consider "loss of privacy" a significant thing. What if an
attacker were paid by someone (indirect financial gain) to ruin me by buying a bunch of stock on
margin?  Maybe not the best example, but you get the idea.  It is not an attack that affects
millions of people, but to the person involved, it is pretty serious.  Shouldn't the "server" in
this case help mitigate this type of attack?

>
> So, why bother with something that isn't a threat?
> Why can't we spend more time on something that *is*
> a threat, one that occurs daily, even hourly, some
> times?
>

I take your point, but would suggest "isn't a threat" be replaced by "doesn't threaten the
majority".  And are we at a point where it needs to be a binary thing -- fix this OR that but NOT
both?

-- tomo

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


