[Cryptography] Is it time for a revolution to replace TLS?

Anne & Lynn Wheeler lynn at garlic.com
Mon May 19 18:39:58 EDT 2014


On 05/19/14 17:28, Jerry Leichter wrote:
> To this day, I've never seen a good description of a full protocol -
> from the end-user-visible components down to the bits on the wire -
> that, were it implemented, would solve the problem: How can I be sure
> that when the browser says I'm talking to eBay, I'm *really* talking
> to eBay?  (I'm not even concerned with the "my conversation is visible
> only to me and eBay" (encryption) part, as that's trivial once you've
> solved the "is it the right eBay" (authentication) part.)  Things like
> certificate pinning and such are an attempt to solve this problem
> without ripping out the entire existing SSL/PKI infrastructure - and
> are likely the only *practical* solution we are likely to get; but I'm
> not sure we even know what a "clean whiteboard" solution would look
> like.

somewhat having done e-commerce, in mid-90s we were invited to participate
in the x9a10 financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for *ALL* retail
payments. we did some number of end-to-end threat & vulnerability studies.

the result was x9.59 financial transaction standard which basically
was simple digital signature on standard payment transaction (small
enough to transmit end-to-end and authenticated with public key
on file with users' financial institutions).

the standard allowed for security proportional to risk ... i.e.
registering integrity level of the associated private key (software
key, hardware token key, integrity level of hardware token, etc).
the standard also allowed for co-signing by FINREAD conformant
hardware token interface ... developed in the 90s as countermeasure
to compromised PCs (i.e. had independent display and PIN entry
that token couldn't be operated w/o human action in secure
independent environment ... and transaction detail displayed
... which couldn't be spoofed by compromised PC).

One of the results was that attackers could no longer use information
from data breaches (at least involving x9.59 transactions) as enabler
for performing fraudulent financial transactions. x9.59 no longer
even needed ssl to hide financial transaction information as
countermeasure to fraudulent transactions.

A couple things happened start of the century

1) a large chipcard was deployed in the US with free chipcard
reader giveaway. However, they apparently were obsolete serial-port
readers which resulted in significant customer support issues and
resulting rapidly spreading opinion in the industry that chipcards
weren't practical in consumer market. Now 95-96 timeframe
there were presentations by dialup online banking operations
about main motivation to move to internet was significant
customer support problems with serial port dialup modems
(effectively support problems offloaded to ISPs). Apparently
institutional knowledge about the serial-port customer support
problems had evaporated in a 5yr period. Serial-port customer
support problems was also major motivation for USB. In the wake
of this effort, there was pullback from all consumer chipcard
related programs (including FINREAD).

2) In the same time frame, there were some number of chipcard-based
and non-chipcard "safe" payment products developed that had high acceptance by
major online ecommerce merchants (accounting for something like 70+%
of ecommerce transactions). Merchants had been indoctrinated for
decades that payment (interchange) fees had a significant fraud prorated
surcharge. The major merchants were expecting that "safe" internet
payment products would result in 90% reduction in the fees charged.
With payment fees accounting for something like 50% of bottom line,
a 90% reduction would be a big hit. The banks decided that instead of
90% reduction for safe internet products, they would add a surcharge
to the highest rate the merchants were already paying. The result
was major cognitive dissonance with the merchants and whole thing
imploded.
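
The scheme described in the message above, as an added sketch that is not part of the original post and is not the X9.59 wire format: a payment is authorized by a signature checked against the public key on file, and the key's registered integrity level caps what it may authorize. Ed25519 stands in for the signature algorithm; the field layout, level values, limits, sequence counter and account names are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Hypothetical integrity levels and per-transaction ceilings in cents.
const SoftwareKey, HardwareToken = 1, 2
var limit = map[int]int64{SoftwareKey: 10000, HardwareToken: 500000}

// Account is the institution's on-file record: a public key, no shared secret.
type Account struct {
	Pub     ed25519.PublicKey
	Level   int    // integrity level registered for the private key
	LastSeq uint64 // assumption: a counter used to reject replays
}

// Encode is a constructed canonical form; %q keeps field boundaries unambiguous.
func Encode(acct, payee string, cents int64, seq uint64) []byte { return []byte(fmt.Sprintf("%q|%q|%d|%d", acct, payee, cents, seq)) }

// Authorize is the institution-side check on one signed transaction.
func Authorize(a *Account, acct, payee string, cents int64, seq uint64, sig []byte) string {
	switch {
	case !ed25519.Verify(a.Pub, Encode(acct, payee, cents, seq), sig):
		return "bad signature"
	case seq <= a.LastSeq:
		return "replay"
	case cents > limit[a.Level]:
		return "over limit"
	}
	a.LastSeq = seq
	return "approved"
}

// Demo runs constructed transactions against one software-key account.
func Demo() []string {
	pub, priv, _ := ed25519.GenerateKey(nil)
	a := &Account{Pub: pub, Level: SoftwareKey}
	sig := ed25519.Sign(priv, Encode("acct-001", "shop-a", 2500, 1))
	big := ed25519.Sign(priv, Encode("acct-001", "shop-a", 20000, 2))
	return []string{
		Authorize(a, "acct-001", "shop-a", 2500, 1, sig),  // genuine payment
		Authorize(a, "acct-001", "shop-a", 2500, 1, sig),  // same message replayed
		Authorize(a, "acct-001", "shop-b", 9900, 2, sig),  // captured data reused for a new payment
		Authorize(a, "acct-001", "shop-a", 20000, 2, big), // valid, above software-key ceiling
	}
}

func main() { fmt.Println(Demo()) }
```

Everything a merchant-side breach would expose here (account identifier, transaction fields, an old signature) fails at the institution, which is why the transaction contents need no confidentiality to prevent fraud.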


