[Cryptography] Questions about crypto that lay people want to understand
iang at iang.org
Fri Dec 25 11:44:15 EST 2015
On 21/12/2015 02:26 am, John Levine wrote:
>>> Your bank only accepts https because they have insurance that will
>>> reimburse them if their certificate gets spoofed.
>> I'm not aware of any such insurance. Given that the CA's consistently refuse to accept any
>> liability, ...
> Uh, what? Symantec says their warranty will pay up to $1.75M, although
> when one looks at the fine print, the breaches they cover seem pretty
That's marketing. This is liability:
NEITHER PARTY WILL BE LIABLE UNDER ANY CIRCUMSTANCES WHATSOEVER FOR ANY
CONSEQUENTIAL, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR EXEMPLARY
DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS OR REVENUES, WHETHER
FORESEEABLE OR UNFORESEEABLE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES.
> The usual approach in bank spoofing is to use a different domain that
> sort of looks like the target. It's hard to see how anyone could blame
> that on the bank's own CA.
It's hard to see, yes. How about: the CAs actively stop the browsers
from changing the security model to deal with any alternate model that
might prevent the spoofing, on the assumption that any better security
model won't sell as many certificates.
Showing that in court is a bit more work though :)
> I presume banks have general insurance
> against fraud losses but I don't know the details or how willing
> insurers are to cover these particular losses.
>> generally get away with it. These are not attacks on HTTPS - they usually "go around" the
>> encryption by planting virus on the end-user machines using spear-fished emails.
> Somewhat surprisingly, companies are gettting better at preventing
> malware attacks, I think through combinations of using a dedicated
> computer for bank transactions and two-factor dongles into which you
> put some part of the recipient's account number to generate a
> validation code. We can consider this a minor crypto success.
> The attack du jour is spear phishing a company's CFO or accounting
> clerk to send fake mail appearing to be from the boss telling them to
> wire money to the crook's account. Since the transaction is entered
> and validated correctly, banks are generally off the hook, although
> well run banks will notice atypical transactions and try to warn the
Which in theory is stopped by the security model - email that is signed
by the real boss looks different to the non-real boss. Problem is, it
doesn't work, in practice. Fundamental reason it doesn't work is
because the CAs can't figure out a way to get everyone to pay for
individual certs. And even if they can't figure it out, they're sure to
block any attempts to use another technology. Deadlock, users are screwed.
More information about the cryptography