SSL, client certs, and MITM (was WYTM?)

Anton Stiglic astiglic at okiok.com
Thu Oct 23 10:46:57 EDT 2003


> I'm not sure how you come to that conclusion.  Simply
> use TLS with self-signed certs.  Save the cost of the
> cert, and save the cost of the re-evaluation.
> 
> If we could do that on a widespread basis, then it
> would be worth going to the next step, which is caching
> the self-signed certs, and we'd get our MITM protection
> back!  Albeit with a bootstrap weakness, but at real
> zero cost.

I know of some environments where this is done.  For example,
to protect the connection to a corporate mail server, so that
employees can read their mail from outside of work.  The caching
problem is easily solved in this case by having the administrator
distribute the self-signed cert to all employees and having them
import it and trust it.  This costs no more than 1 man day per year.

This is near 0 cost, however, and gives some weight to Perry's
argument.

> Any merchant who wants more, well, there *will* be
> ten offers in his mailbox to upgrade the self-signed
> cert to a better one.  Vendors of certs may not be
> the smartest cookies in the jar, but they aren't so
> dumb that they'll miss the financial benefit of self-
> signed certs once it's been explained to them.

I have a hard time believing that a merchant (who plans
to make $ by providing the possibility to purchase on-line)
cannot spend something like 1000$ [1] a year for an SSL
certificate, and that the administrator is not capable of
properly installing it within 1-2 man days.  If he can't install
it, just get a consultant to do it; you can probably get one
that does it within a day and charges no more than 1000$.

So that would make the total around 2000$ a year; let's
generously round it up to 10K$ per annum.
I think your 10-100 million $ per annum estimate is a bit
exaggerated...


[1] This is the price I saw at Verisign:
http://www.verisign.com/products/site/commerce/index.html
I'm sure you can get it cheaper. This was already
discussed on this list, I think...

--Anton
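The two deployment models discussed in this thread, a cached (trust-on-first-use) self-signed cert with its bootstrap weakness versus a cert the administrator distributes out of band, as an added example that is not part of the original post. The host name and certificate bytes are constructed stand-ins; in a real client the DER bytes come from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import hashlib
import ssl
from typing import Dict, Optional

# Constructed stand-ins for DER-encoded server certificates (not real certs).
CORP_MAIL_CERT = b"constructed DER: self-signed cert for mail.example.test"
MITM_CERT = b"constructed DER: attacker's self-signed cert for mail.example.test"


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate: the value an admin would hand out."""
    return hashlib.sha256(der).hexdigest()


class PinStore:
    """Per-host cache of self-signed certificate fingerprints ('caching the cert')."""

    def __init__(self, preloaded: Optional[Dict[str, str]] = None) -> None:
        # Pins the administrator distributed ahead of time close the bootstrap gap.
        self.pins: Dict[str, str] = dict(preloaded or {})

    def check(self, host: str, der: bytes) -> str:
        """Return 'match', 'first-use' (pin cached now) or 'mismatch' (reject)."""
        fp = fingerprint(der)
        known = self.pins.get(host)
        if known is None:
            # Trust on first use: nothing to compare against yet, so whoever is in
            # the path at this moment gets pinned. That is the bootstrap weakness.
            self.pins[host] = fp
            return "first-use"
        if known == fp:
            return "match"
        # Cached pin disagrees with the presented cert: refuse and keep the old pin.
        return "mismatch"


def context_trusting_only(cert_pem_path: str) -> ssl.SSLContext:
    """Client context that trusts exactly the distributed self-signed cert (PEM file).

    This is the 'import it and trust it' step: the cert is the only trust anchor,
    so a cert from any public CA is rejected for this host.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # enables hostname + chain checks
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_verify_locations(cafile=cert_pem_path)
    return ctx
```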

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com