Security by asking the drunk whether he's drunk

Ben Laurie benl at google.com
Mon Dec 29 13:02:29 EST 2008


On Mon, Dec 29, 2008 at 10:10 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> David Molnar <dmolnar at eecs.berkeley.edu> writes:
>
>>Service from a group at CMU that uses semi-trusted "notary" servers to
>>periodically probe a web site to see which public key it uses. The notaries
>>provide the list of keys used to you, so you can attempt to detect things
>>like a site that has a different key for you than previously shown to all of
>>the notaries. The idea is that to fool the system, the adversary has to
>>compromise all links between the target site and the notaries all the time.
>
> I think this is missing the real contribution of Perspectives, which (like
> almost any security paper) has to include a certain quota of crypto rube-
> goldbergism in order to satisfy conference reviewers.  The real value isn't the
> multi-path verification and crypto signing facilities and whatnot but simply
> the fact that you now have something to deal with leap-of-faith
> authentication, whether it's for self-generated SSH or SSL keys or for rent-a-
> CA certificates.  Currently none of these provide any real assurance since a
> phisher can create one on the fly as and when required.  What Perspectives
> does is guarantee (or at least provide some level of confidence) that a given
> key has been in use for a set amount of time rather than being a here-this-
> morning, gone-in-the-afternoon affair like most phishing sites are.  In other
> words a phisher would have to maintain their site for a week, a month, a year,
> of continuous operation, not just set it up an hour after the phishing email
> goes out and take it down again a few hours later.
>
> For this function just a single source is sufficient, thus my suggestion of
> Google incorporating it into their existing web crawling.  You can add the
> crypto rube goldberg extras as required, but a basic "this site has been in
> operation at the same location with the same key for the past eight months" is
> a powerful bar to standard phishing approaches, it's exactly what you get in
> the bricks-and-mortar world, "Serving the industry since 1962" goes a lot
> further than "Serving the industry since just before lunchtime".

Two issues occur to me. Firstly, you have to trust Google (and your
path to Google).

Secondly, and this seems to me to be a generic issue with Perspectives
and SSL - what happens when the cert rolls? If the key also changes
(which would seem to me to be good practice), then the site looks
suspect for a while.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
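
The key-age check discussed in this thread, and the rollover case raised in the reply, as an added example that is not part of the original messages. The function names, the 30-day threshold, the weekly probe schedule and the fingerprints are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

def continuous_tenure(observations, presented_fp, now):
    """Time for which presented_fp has been the key seen at every probe up to now.

    observations: list of (datetime, fingerprint) from one source, oldest first.
    Returns timedelta(0) if the most recent probe saw a different key.
    """
    first_seen = None
    for when, fp in reversed(observations):
        if fp != presented_fp:
            break
        first_seen = when
    return now - first_seen if first_seen is not None else timedelta(0)

def assess(observations, presented_fp, now, min_age=timedelta(days=30)):
    """Classify the key a site presents against the recorded probe history."""
    tenure = continuous_tenure(observations, presented_fp, now)
    if tenure >= min_age:
        return "established", tenure
    if tenure > timedelta(0):
        return "recent-key", tenure
    return "no-current-history", tenure

def weekly(start, weeks, fp):
    """Constructed probe history: one observation per week."""
    return [(start + timedelta(weeks=i), fp) for i in range(weeks)]

# Constructed sample data; the fingerprints are placeholders, not real keys.
OLD, NEW, ROGUE = "fp-old-constructed", "fp-new-constructed", "fp-rogue-constructed"
NOW = datetime(2008, 12, 29)
HISTORY = weekly(datetime(2008, 4, 7), 37, OLD)       # same key for about eight months
ROLLED = HISTORY + [(datetime(2008, 12, 22), NEW)]    # legitimate cert and key rollover
PHISH = [(datetime(2008, 12, 22), ROGUE)]             # site that first appeared a week ago

if __name__ == "__main__":
    for label, obs, fp in [("long-lived site", HISTORY, OLD),
                           ("same site after rollover", ROLLED, NEW),
                           ("week-old site", PHISH, ROGUE),
                           ("unexpected key at long-lived site", HISTORY, ROGUE)]:
        verdict, tenure = assess(obs, fp, NOW)
        print(f"{label}: {verdict} ({tenure.days} days)")
```

The rolled key and the week-old site receive the same verdict, which is the rollover problem raised in the reply: key age alone cannot tell a legitimate key change from a newly created site.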
