[Cryptography] phishing, was Encryption opinion

Jerry Leichter leichter at lrw.com
Wed Sep 10 07:45:13 EDT 2014 

On Sep 9, 2014, at 10:21 PM, ianG <iang at iang.org> wrote:
> ...MITM was introduced to the net from various sources as a key threat.  The one big threat that would tear everything apart.  So people responded to it....
If you're talking about SSL/HTTPS - this is a re-writing of history.  Some of the re-writing was almost contemporaneous, but it's still a re-writing.

SSL/HTTPS were introduced to "make the Web safe for e-commerce".  One part of this is obvious:  To this day, e-commerce sites tell you that your transactions are "protected by encryption", with the meaning being that they can't be observed and (perhaps, but few get that sophisticated) can't be altered.  But the threat most people understand is observation, and they want to be assured of protection against that.

The more subtle point, though, is what I call the secure introduction problem.  If I'm in a city I've never visited before and I see a sign for a Sheraton hotel, I know they'll have nice, clean rooms and be safe.  If I need to buy a new piece of luggage because the airline destroyed my bag, I can go into Macy's and buy one with the assurance that it won't be a piece of junk, that they'll stand behind it, etc.  If I'm hungry and I see a McDonald's ... well, let's not go there.

In all these cases, there are various external indicia of trustworthiness.  I listed examples that rely on trademarks, but there are plenty of other indicia in the real world that would lead me to trust (or not trust) a hotel that's not part of a chain, or local leather goods store, or a restaurant.  For those of us in the Western world, these indicia, while certainly not perfect, are in practice highly reliable.  (That's not true, for example, in China - where there have been whole fake divisions of well-known companies set up.)  A combination of economics - fakes that will fool people are expensive to produce - and enforced legal mechanisms, particularly trademarks - made, and keeps, the system effective.

When e-commerce was abornin', it wasn't at all clear that people would buy into it.  "On the Internet, no one knows you're a dog" was already a widely repeated trope.  With the screen resolutions and network speeds then available, no Web site could "look" very trustworthy (not that quality of visual representation ever *really* meant much - but it's something people are used to looking at).  The big problem was:  How do you get people to treat these new-fangled sites as "the real thing", worthy of trust and my hard-earned cash?  With so few existing businesses on line, it wasn't even clear that people would trust that "macys.com" really was Macy's.

Enter the certificate.  Here was an attestation by a "Higher Authority" that the site was what it claimed.  Psychologically, it also put a kind of stamp of approval on the site:  Having a certificate felt like having an expensive-looking storefront:  No scammer would bother to make the investment.

That certificates provided no guarantee even vaguely related to this apparent assurance was something only a small coterie of crypto experts understood.  And when scammers did indeed start buying certificates, the response was to double down with EV certificates - deliberately made expensive "to keep the scammers out" (right) and providing all kinds of words to re-assure you that these really were checked and backed by some "Higher Authority" (though they really weren't).  That wonderful green bar - in the US, at least, the color of money:  What a nice way to keep the illusion going.

MITM attacks?  Try and find people outside of the small group of experts who have any clue what those are.  If the term means anything at all to most people, it means that someone can *observe* transactions.

Note that there's a second problem, the Ongoing Connection problem:  I found the macys.com Web site last month and used it successfully (stuff arrived in a real Macy's box).  Just as in the real world I feel safe going back to a store that treated me well - implicitly assuming that "it's the same place" - I'm willing to go back to "the same web site".  While all the certificate stuff is nice, I doubt many people think it has a role in making sure that when I go to macys.com today, it's really the same macys.com I went to last month.  (And, in fact, *it doesn't even do that* - so in this case, that's a good thing!)

Once you see the distinctions between the problems, you can also see why encrypted email has never caught on.  Most email is exchanged by people who already know each other - or who are introduced by mutual friends.  Most people never need their email systems to solve the Introduction Problem.  And we believe we can recognize our correspondents, just as we recognize our friends by their faces, or their voice and manner of speaking on the phone, or their styles of writing, the subjects they talk about, the real-world events they refer to, in letters.  As a result, we believe we really don't need a solution to the Ongoing Connection problem either.  By the time email from commercial sites became commonplace, "everyone already knew" that you could validate the sender by these kinds of indicia.  All that was left was concern about eavesdropping - and it's not as if we've really worried much about eavesdropping on our phone conversations for many decades.  (I suspect the fact that so many people initially used the Internet over dialup connections helped establish the feeling that "listening in on Internet connections" is like "listening in on phone calls" - something that most people just don't worry about.)

There are multiple disconnects here:  Between what most people think systems are capable of providing; what they think they *actually do* provide; what makers of those systems *sell* as their capabilities; and what they systems actually can and do provide.  Pointing at one particular problem - MITM, which has, at least to me, a fairly narrow and clear *technical* definition - and somehow trying to stretch it to cover all the complex issues (either by broadening its definition to the point where it essentially means "any attack", or by saying it's the one problem that all the systems out there are trying to solve) doesn't help.  In fact, it makes things harder.
                                                        -- Jerry

More information about the cryptography mailing list