ID "theft" -- so what?

Ian Grigg iang at systemics.com
Thu Jul 14 10:37:05 EDT 2005


(Dan, in answer to your question on certs, below.)


On Thursday 14 July 2005 14:19, Perry E. Metzger wrote:
> 
> Ian Grigg <iang at systemics.com> writes:
> >> It's 2005, PKI doesn't work, the horse is dead.
> >
> > He's not proposing PKI, but nymous accounts.  The
> > account is the asset, the key is the owner;
> 
> Actually, I wasn't proposing that. I was just proposing that a private
> key be the authenticator for payment card transactions, instead of the
> [name, card number, expiration date, CVV2] tuple -- hardly a
> revolutionary idea. You are right, though, that I do not propose that
> any PK_I_ be involved here -- no need for certs at all for this
> application.
> 
> I don't claim this is a remotely original idea, by the way. I'm just
> flogging it again.

Well, that's helpful.  Having built one or two of
these things (and I know of 3 others on the list
that have done the same thing) it helps to know
we aren't starting from scratch.

> > But, thank the heavens that we now have reached
> > the point where people can honestly say that PKI
> > is the root cause of the problem.
> 
> "Root Cause of the Problem" isn't correct either. It is better to say 
> that PKI doesn't solve many of the hard problems we have, or, in some
> cases, any problems -- it doesn't per se cause any problems, or at
> least not many.
> 
> This is not a "new realization" -- this goes back a long way.


OK, so maybe this part is the new realisation:

The browser security model includes PKI for two
purposes - MITM protection and spoofing protection.
Ignoring MITM (today), the spoofing protection is
supposed to alert the user that the cert and the
site don't match.

Phishing is a spoof - the wrong site is used.  So
SSL+PKI should pick that up.  It isn't.  Why?
Simply put because the browser too easily lets
SSL's anti-spoofing protection not be seen.  It's
not being done properly.

Why is that?  Because the browser people are
under severe constraints - your words - and
nobody is correcting their misunderstandings.
No security folk, no security companies, no CAs,
just a few researchers (some lurking here...).

Too many words?  OK, here's the short version
of why phishing occurs:

"Browsers implement SSL+PKI and SSL+PKI is
secure so we don't need to worry about it."

PKI+SSL *is* the root cause of the problem.  It's
just not the certificate level but the business and
architecture level.  The *people* equation.

> People were saying PKI was a bad idea a decade ago or more. A number
> of the people here, including me, gave talks on that subject years
> ago. I spoke against PKI during the debate I was invited to at the
> Usenix Electronic Commerce Workshop in 1998 or so, and at many
> opportunities before and since. Dan Geer has a pretty famous screed on
> the subject. Peter Gutmann talks about the follies of X.509 so often
> it is hard to keep up. I don't mean to single us out as visionaries --
> we were just saying things lots of other people were also saying.
> 
> Honestly, where have you been?

I've been over at Mozilla trying to tell them the PKI
isn't doing its job.  Peter Gutmann and Amir Herzberg
have been there supporting this push.  They're not
visionaries either but at least they put their money
where their mouths are - trying to get Mozo people
to touch up the PKI + SSL code to deal with spoofing.

(Demos and code available on request !!!!)

We recently set up a new
group for all anti-phishing researchers so they could
congregate and cross-fertilise ideas in a scientific
fashion.  I'm proud to say that in less than one month
our understanding of phishing and the browser
security model has significantly advanced.

We've talked to dozens of programmers over on the
Mozilla camp, sadly without success and I think that's
because the crypto community has been relatively
silent on this issue.  Most over in the browser
community remain simply unaware and uneducated
on the reasoning behind the security model, and how
out of date it is.

So, where have you been, Perry?  If you wish to
patronize me (on a public list, with no right of reply!)
do so from a position of strength.

> > Can you now tell the browser people?
> 
> I can smell the rest of this discussion right now, Ian. You'll
> misunderstand the constraints the browser people are under, and start
> claiming SSL is bad (or unnecessary) about 20 seconds after that. I'm
> not playing the game.

Perry, for the last few months or so the game
you have been playing is "disagree with Ian,
rag him in public, drop his posts."

I don't mind .. but as I showed above, you are
100% diametrically wrong about what it is I am
saying or likely to say.  Just so you're aware
that you're inventing the rest of the discussion
and disagreeing with your own invention...

iang
-- 
Advances in Financial Cryptography, Issue 2:
   https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting
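An added illustration, not part of iang's post or any browser's code: the cert/site matching step that the spoofing protection rests on, written as a small Python check over constructed certificate data (the SAN lists and host names below are made up). It shows that the check only flags a certificate whose names do not cover the host actually visited; a lookalike domain presenting its own valid certificate passes it, so the indicator the browser surfaces is what the user has left to go on.

```python
# Added example: host name vs. certificate name matching in the style of
# RFC 2818 / RFC 6125, the check behind "the cert and the site don't match".
# Certificates are represented as plain dicts built here, not real X.509.
from typing import Dict, List


def _label_matches(pattern: str, label: str) -> bool:
    """Match one DNS label; a bare '*' wildcards that whole label only."""
    if pattern == "*":
        return True
    if "*" in pattern:
        # partial-wildcard labels such as 'w*' are deliberately rejected
        return False
    return pattern.lower() == label.lower()


def hostname_matches(cert: Dict[str, List[str]], host: str) -> bool:
    """True if host is covered by one of the cert's dNSName SAN entries."""
    host_labels = host.lower().rstrip(".").split(".")
    for name in cert.get("san", []):
        pat_labels = name.lower().rstrip(".").split(".")
        if len(pat_labels) != len(host_labels):
            continue  # a wildcard never spans more than one label
        # wildcard only in the leftmost label, and only if at least two
        # fixed labels remain, so '*.com' style names are refused
        if pat_labels[0] == "*" and len(pat_labels) < 3:
            continue
        if "*" in "".join(pat_labels[1:]):
            continue
        if all(_label_matches(p, h) for p, h in zip(pat_labels, host_labels)):
            return True
    return False


def spoof_alert(cert: Dict[str, List[str]], host: str) -> bool:
    """The condition the browser's anti-spoofing warning is meant to surface."""
    return not hostname_matches(cert, host)


# Constructed sample certificates (hypothetical organisations and domains)
BANK_CERT = {"subject": "Example Bank", "san": ["www.example-bank.com", "example-bank.com"]}
LOOKALIKE_CERT = {"subject": "Some Org", "san": ["*.examp1e-bank.com"]}


def demo() -> Dict[str, bool]:
    """Three situations: genuine site, a cert reused on the wrong host,
    and a lookalike host carrying its own properly issued cert."""
    return {
        "genuine": spoof_alert(BANK_CERT, "www.example-bank.com"),
        "bank_cert_on_other_host": spoof_alert(BANK_CERT, "www.examp1e-bank.com"),
        "lookalike_with_own_cert": spoof_alert(LOOKALIKE_CERT, "www.examp1e-bank.com"),
    }
```

Only the second case raises the alert; the third is the phishing case the post is talking about, and the match check alone is silent on it.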

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
