[Cryptography] Questions about crypto that lay people want to understand

ianG iang at iang.org
Sun Dec 27 10:24:16 EST 2015


On 26/12/2015 00:30 am, John Levine wrote:
>> That's marketing.  This is liability:
>>
>> NEITHER PARTY WILL BE LIABLE UNDER ANY CIRCUMSTANCES WHATSOEVER FOR ANY
>> CONSEQUENTIAL, INDIRECT, SPECIAL, PUNITIVE, INCIDENTAL OR EXEMPLARY
>> DAMAGES, INCLUDING WITHOUT LIMITATION LOST PROFITS OR REVENUES, WHETHER
>> FORESEEABLE OR UNFORESEEABLE, EVEN IF SUCH PARTY HAS BEEN ADVISED OF
>> THE POSSIBILITY OF SUCH DAMAGES.
>>
>> http://www.symantec.com/content/en/us/about/media/repository/ssl-subscriber-agreement.pdf
>
> Right, that limits liability to actual damages, which is not the same
> thing as no liability.  A part of the agreement you left out refers to
> their "protection plan", which pays up to $1.5M in case of some admittedly
> unlikely breaches on Symantec's part.
>
> https://www.thawte.com/assets/documents/repository/agreements/extended-warranty-program.pdf


I'm not saying it doesn't exist - I'm saying it is there for marketing, 
not for insurance.

Has it ever paid out?

It is an old trick in the insurance industry - to sell an insurance or 
warranty protection for something that never or rarely happens or will 
never pay out for "legal construction" reasons.  Another old trick is to 
put an excessive requirement for insurance into a standard, knowing that 
large firms can handle this more easily than small firms.  It's called a 
"barrier to entry."


>> It's hard to see, yes.  How about:  the CAs actively stop the browsers
>> from changing the security model to deal with any alternate model that
>> might prevent the spoofing, on the assumption that any better security
>> model won't sell as many certificates.
>
> I'm intrigued.  What are these alternate models that Microsoft and
> Google would implement if they weren't under the thumb of the industry
> giants in the CAB forum?

Certificate Transparency would be one of those :)  Also Identity based 
encryption, from an email address.  Skype or SSH opportunistic models. 
Certificate pinning - proposed in the mid 2000s, rejected then, now 
enjoying a resurgence (because?).  Full SSL rather than half-baked 
server-auth where every browser creates client certs on the fly, one per 
site and automatically authenticates itself to the server.  Gmail 
authentication based on all of google's capabilities.  Same with Office360.

Think of it like a grad student problem - throw the problem at a couple 
of grad students and see what they come up with.  Is there any reason to 
believe that the PKI model that dates back to a 1980s masters thesis and 
was designed in a 1-telephone-national-telco world is the last word in 
security?

What we are seeing is that Google is breaking away from the traditional 
model by re-doing the whole lot.  Started with CT, moved over to QUIC, 
then to HTTPS2.  The reason (I theorise) that google is doing this is 
because it's been caught on both sides of the client-server divide, in 
ways that the other suppliers have not (not a particularly strong 
theory, but the only one I've got).

We're also seeing the steady evolution of the browser manufacturer as 
super-CA or über-CA.


>>> The attack du jour is spear phishing a company's CFO or accounting
>>> clerk to send fake mail appearing to be from the boss ...
>
>> Which in theory is stopped by the security model - email that is signed
>> by the real boss looks different to the non-real boss.
>
> The security model is that the clerk looks at her fripping mail, knows
> that the real boss doesn't send mail from boss43542 at yahoo.com, and
> calls the boss on the phone to verify odd requests.  Too many medium
> and small businesses are run by people who imagine that this could
> never happen to them and think that they're too busy and important to
> use security protocols, even simple ones like code words that they're
> supposed to put in any message authorizing a payment.  You could put
> all the S/MIME keys you want into the MUAs and it wouldn't make any
> difference.


Does "blame the user" mean that users are inadequate or that the 
security model is inadequate?



iang