[Cryptography] PRISM-Proofing and PRISM-Hardening
iang at iang.org
Tue Sep 24 04:52:46 EDT 2013
I think, if we are about redesigning and avoiding the failures of the
past, we have to unravel the false assumptions of the past...
On 20/09/13 01:21 AM, Phillip Hallam-Baker wrote:
> Bear in mind that securing financial transactions is exactly what we
> designed the WebPKI to do and it works very well at that.
Reasonable people may disagree with that claim.
PKI for the web was designed to secure *one small part* of the financial
process -- sending credit card numbers over the net. To secure
financial transactions without limit, we'd need an end-to-end solution.
E.g., online banking (which comes much later) requires an
authentication solution, for which the WebPKI's offering (the client cert)
is infamously not used; and, as a counterpoint, the biggest hacks occur at
the server, being that "large part" of financial transactions that
WebPKI explicitly ignored.
Further, "very well" is a gross exaggeration of marketing proportions.
In order to say it works "very well" at even its small part of
protecting access to servers, we'd have to solve the browser
authentication problem that is at the root cause of phishing. I grant
that the phishing bug was addressed at a level of PKI-me-harder, but we
still lack a solution...
> Criminals circumvent the WebPKI rather than trying to defeat it. If they
> did start breaking the WebPKI then we can change it and do something
Oh, they broke it. Criminals send an unauthenticated URL and the user
goes to that URL. The browser doesn't notice, the user doesn't notice,
and the implementors conspire not to notice. WebPKI is totally broken.
The fact that the criminals didn't follow the cutesy rules laid out in
the WebPKI security model is not a circumvention but a breach and an
excuse -- the rules weren't applicable to the real world.
And, regardless of whether we decide that it is circumvention or breach,
nothing positive was ever done about it. So we're left arguing about
the point of something that is too easy to circumvent and doesn't get
fixed. WebPKI is either an historical oddity or an economic drag on
(Quite where reasonable people might have a reasonable disagreement is
where the breach/circumvention is; that's an argument that will (and
did) roll on for a decade, which is perhaps why it never gets fixed...
insert long thread.)
> But financial transactions are easier than protecting the privacy of
> political speech because it is only money that is at stake. The
> criminals are not interested in spending $X to steal $0.5X. We can do
> other stuff to raise the cost of attack if it turns out we need to do that.
> So I think what we are going to want is more than one trust model
> depending on the context and an email security scheme has to support
Yes. Challenge is to get that into the supply chain.
> If we want this to be a global infrastructure we have 2.4 billion users
> to support. If we spend $0.01 per user on support, that is $24 million.
> It is likely to be a lot more than that per user.
> Enabling commercial applications of the security infrastructure is
> essential if we are to achieve deployment. If the commercial users of
> email can make a profit from it then we have at least a chance to co-opt
> them to encourage their customers to get securely connected.
It's either that, or bypass completely. I agree email looks difficult,
and the economics suggest bypass not rebuild.
> One of the reasons the Web took off like it did in 1995 was that
> Microsoft and AOL were both spending hundreds of millions of dollars
> advertising the benefits to potential users. Bank America, PayPal etc
> are potential allies here.
Curiously (digression), Paypal bought Skype for a secure end-to-end
solution to many of these problems. They never capitalised on it. Did
they ever say why?