PKI too confusing to prevent phishing, part 28

Jerrold Leichter leichter at
Sun Sep 25 23:39:41 EDT 2005

| <>
| Summary: some phishes are going to SSL-secured sites that offer up 
| their own self-signed cert. Users see the warning and say "I've seen 
| that dialog box before, no problem", and accept the cert. From that 
| point on, the all-important lock is showing so they feel safe.
| Although the company reporting this, SurfControl, is known for 
| alarmism, this is a completely predictable situation. If users can 
| hold one bit and the bit is "look for the lock", then phishers will 
| do anything to get the lock up there.
Just another indication that PKI as it was supposed to be done during the 
Internet boom is dead.  There are plenty of legitimate sites that are using 
self-signed certs.  (An ISP I use has one - and, while not one of the majors, 
it's not a mom-and-pop operation either.  They used to have a cert from 
Verisign or one of the other big providers.  After that expired, they kept 
using it for about a month - then put the self-signed one in its place.)
On this list, we see plenty of (quite plausible) arguments that a self-
signed cert is better than no cert at all:  At least it can be used in an 
SSH-like "continuity of identity" scheme.

Talking about users as being able only to hold one bit continues an 
unfortunate attitude that, if only users weren't so dumb/careless/whatever, we 
wouldn't have all these security problems.  Between the hundreds of CA's that 
browsers are shipped with - all allegedly trustworthy; the sites whose certs 
don't match their host names; the random links that appear to be within one 
site but go off to others with no relationship that anyone can discern to the 
original; the allegedly-secure sites that don't use https until you log in; 
all the messages telling you to ignore security warnings; and now the growing 
number of sites that use self-signed certificates ... as far as I'm concerned, 
SSL for browsers has gotten to the point where one could legitimately argue 
that it's *bad* for security, because it leads people to believe they have a 
secure connection when very often they don't.  Perhaps if they realized just 
how insecure the whole structure really is these days, there would be some 
pressure - in the form of even more people voting with their feet and refusing 
to participate - to actually get this right.

(BTW, I'll add one more tale to the "ignore security warnings" thread:  If
you try to use Windows Update these days, it asks you to update the updater.
If you agree, a .CAB file gets downloaded.  The .CAB file is properly signed 
by Microsoft.  Inside it are three other files.  These individual files are 
*not* signed.  You get warnings for each one, asking if the installer should 
go ahead and use them even though they are unsigned.  If you decline ... you 
can't use Windows Update.)
							-- Jerry

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list