[Cryptography] Encryption opinion

ianG iang at iang.org
Tue Aug 26 08:12:02 EDT 2014 

On 25/08/2014 22:52 pm, Bear wrote:
> On Mon, 2014-08-25 at 11:50 +0100, ianG wrote:
> 
>> Phishing is an MITM.
> 
> No.
> 
> Please don't muddy technical terms.  We need the precision
> your argument would destroy here if we're going to have a 
> meaningful technical discussion.  Once we start confusing 
> one thing with another the discussion ceases to be precise 
> and all-too-easily ceases to address what we intend to 
> address.


Those technical terms were muddied and destroyed way back when.  That is
the flip side of the point;  the terms are used one way in one
conversation and another way in another.


> Phishing is a social attack taking advantage of human 
> confusion.


Fair characterisation, albeit an unsporting attempt to point the finger
at the user.

Does not make it not an MITM.


> We can combat it by creating UI's that reduce 
> human confusion.


I agree.  Why didn't they?


> MITM is a technical attack taking advantage
> of protocol weakness.  It needs an entirely different means 
> to combat it, and needs to be considered separately.


We could try your definition if you like, but the consequences are
equally ugly, worse even.

If MITM is only 'technical' this means that HTTPS only provides
technical protection.  Which is then going to knock out claims of HTTPS
ensuring you talk to your bank, because it can no longer do that, it's
not a social or human entity.

Which still leaves the browsers in deep-do-do because they have to
comprehensively translate the technical information they receive into
protection information for the user.  Only the browser can ensure you
are talking to your human counterparty, right?

Yet, users & vendors have been told repeatedly that HTTPS/SSL ensures
that they are talking to the agent that the user wanted to talk to.
Which, now that we are drawing precise lines in the sand with neoMITM,
is revealed as a deception, because it cannot make that statement.

Which deception they fell for, perhaps because vendors didn't want to
employ the serious architects to do that, they were happy for engineers
to follow the PKI playbook?  (Speculation as to reason, granted.)

The deception foisted on the browser vendors by the combined technical
community is a killer, it's far more deleterious than misuse of the term
MITM.  Basically the 'technical community' has unprofessionally looked
after its own house (jobs for everyone, more algorithms than can be
counted, heartbleed at a cost of $500m [0], etc) and sold a dangerous
product on without a proper warning manual.

If it were professional, we'd be looking at gross or criminal
negligence?  Deception?  Fraud if anyone participated in the spoils.

Pick which side of the fence you want to be on?  It's turtles all the
way down, the only choice is how fast you slide.

I'd prefer the side of "we made a mistake, we were wrong, we forgot that
an MITM could happen outside the tech, now you have to fix it, sorry."
We can get away with this because when it was all done in the 1990s,
nobody (including me) understood the way risk management works.

Now we do, or we should, if we're professional.


> This is not to say that phishing is unimportant; it is just 
> as important as MITM and needs just as much to be addressed.


Phishing turns out to be far more important than (technical) MITM.  The
only serious record we have of MITM is phishing.  Active attacks against
small individuals were pretty much non-existent, except for phishing.

Help me, please, by providing evidence against.  Hence, newer risk
analysis approaches to security have struggled to find a believable case
for (technical) MITM on the net [2].  Even now, post-Snowden, there's
little to practically no evidence of a threat [3].

We got sold a hill of beans, to use an Americanism.


> But addressing it does not affect and is not affected by 
> the need to address MITM and conflating the terms in any way
> is counterproductive. 


It's better to treat the terms for what they are.  A simple, conceptual
description of agents trying to talk to each other.  Stick artificial
limits on it like "only crypto protocols can be MITM'd" and you're going
to get yourself in trouble.


> MITM is precise; if your bank is not trying to communicate
> with you, and the phisher is not intercepting the bank's 
> communication in flight, then a phisher pretending to be 
> your bank is not engaging in an MITM. 


???  If you are trying to communicate with your bank, and the phisher
has taken those comms before they get to the bank, then that's an MITM.


> MITM is by nature three-sided.  There is you, your correspondent, 
> and the adversary is someone between you in the communications 
> channel.  If you don't have all three, then you don't have 
> MITM.


Check, check, check.



iang



[0] http://financialcryptography.com/mt/archives/001515.html
[1] or nuisance level like bots and viruses, which were more resource
thefts than money thefts.
[2] I guess we should include corporate middleboxen in this, and GWoC,
but as that's the 'legal' or one of the parties and/or ok... it's not a
threat by definition.  Even cafe wireless attacks seem to be more
mythology than fact.

More information about the cryptography mailing list