[Cryptography] "we need to protect [our dox] by at least encrypting them"

Sun Nov 13 15:00:11 EST 2016

On 09/11/2016 14:58, Michael Kjörling wrote:
> On 8 Nov 2016 10:10 +0000, from pgut001 at cs.auckland.ac.nz (Peter Gutmann):
>> just following the old "anything HTTP is unsafe, anything HTTPS is
>> safe" that hasn't done anything to stop phishing, malware, or any of
>> the other fun stuff on the web.
>
> That line of reasoning is brought up time and again here. Let me ask
> just one _totally honest_ question: Was SSL ever designed to protect
> against such threats? (Not "sold as a way to", but "designed to".) Yes
> or no? If yes, then since when?

Yes it was:

SSL has two way authentication built in.  The other way is called client 
certificates.  With full authentication, there isn't a way for the 
phisher's website to ask for a login & password, and to then go and use 
them on the primary site.

Also, the original model, pre-Netscape 1.0 was that the user was 
supposed to authenticate the CA, HTTPS and the website name.  In the 
original PKI concept the user was expected to be part of the security 
model.  What Netscape discovered however was that they were moving from 
a technically savvy audience to a non-tech audience.  So the approach as 
built up over a decade of writing and thinking was ... broken before it 
saw full release.

(You might not like the solution or the implementation might be weak, 
but I think I'm answering your direct question.)

> Because if it wasn't, the above seems to me to be somewhat akin to
> blaming window manufacturers because someone can take a chainsaw or a
> sledgehammer to a wooden door and enter a house that way, despite the
> fact that the family pet is properly cared for.

So, even if you don't think that SSL was designed to prevent MITM of the 
nature of phishing, it has another effect which is quite bad:  it is the 
security system of record.  It's existence blocks others, blocks evolution.

This is not a cryptographic thing - but an institutional thing.  SSL's 
in place, and so are the RFCs, the CAs, the committees, the training, 
the certs, the CABForums, the corps, the legals, the contracts, the 
devs, the thinking, the beliefs and last but not least, the lines of 
code.  Putting in place another security system (whatever that is) is an 
inordinately difficult task.

So yes, we can blame SSL for not addressing phishing.  But some part of 
the causality is outside the technology.  In part we're blaming the 
people for not recognising phishing as a threat to their users.  But the 
people will never accept the blame so it's pointless to write it out 
like that.  It's actually politer to say "SSL doesn't defend."

> That's not to say that the threats you list are irrelevant, and that
> they should be ignored in today's world; only that we can't expect
> some technology to, except perhaps by pure chance, solve a problem
> that _it was never even designed to solve_.

So, in 2005 when phishing took off from a broken start in 2003 ... 
nothing much happened.

What technology would you put in place today to stop these threats?

Assuming we recognise Phishing to be a threat, surely we'd put something 
in place, right?

iang