SSL, client certs, and MITM (was WYTM?)

Ian Grigg iang at systemics.com
Wed Oct 22 19:38:03 EDT 2003


Tom Weinstein wrote:
> 
> Ian Grigg wrote:
> 
> > Nobody doubts that it can occur, and that it *can* occur in practice.
> > It is whether it *does* occur that is where the problem lies.
> 
> This sort of statement bothers me.
> 
> In threat analysis, you have to base your assessment on capabilities,
> not intentions. If an attack is possible, then you must guard against
> it. It doesn't matter if you think potential attackers don't intend to
> attack you that way, because you really don't know if that's true or not
> and they can always change their minds without telling you.

In threat analysis, you base your assessment on
economics of what is reasonable to protect.  It
is perfectly valid to decline to protect against
a possible threat, if the cost thereof is too high,
as compared against the benefits.

This is the reason that we cannot simply accept
"the possible" as a basis for engineering of any
form, let alone cryptography.  And this is the
reason why, if we can't measure it, then we are
probably justified in assuming it's not a threat
we need to worry about.

(Of course, anecdotal evidence helps in that
respect, hence there is a lot of discussion
about MITMs in other forums.)

iang

Here's Eric Rescorla's words on this:

http://www.iang.org/ssl/rescorla_1.html

The first thing that we need to do is define our threat model.
A threat model describes resources we expect the attacker to
have available and what attacks the attacker can be expected
to mount.  Nearly every security system is vulnerable to some
threat or another.  To see this, imagine that you keep your
papers in a completely unbreakable safe.  That's all well and
good, but if someone has planted a video camera in your office
they can see your confidential information whenever you take it
out to use it, so the safe hasn't bought you that much.

Therefore, when we define a threat model, we're concerned
not only with defining what attacks we are going to worry
about but also those we're not going to worry about.
Failure to take this important step typically leads to
complete deadlock as designers try to figure out how to
counter every possible threat.  What's important is to
figure out which threats are realistic and which ones we
can hope to counter with the tools available.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
