[12841] in cryptography@c2.net mail archive
Re: Who's afraid of Mallory Wolf?
daemon@ATHENA.MIT.EDU (Jeroen C. van Gelderen)
Mon Mar 24 20:02:43 2003
X-Original-To: cryptography@wasabisystems.com
Date: Mon, 24 Mar 2003 19:50:39 -0500
Cc: Ian Grigg <iang@systemics.com>, cryptography@wasabisystems.com
To: Peter Clay <pete@flatline.org.uk>
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
In-Reply-To: <Pine.LNX.4.21.0303241616430.18111-100000@mccoy.flatline.org.uk>
On Monday, Mar 24, 2003, at 11:37 US/Eastern, Peter Clay wrote:
> On Sun, 23 Mar 2003, Ian Grigg wrote:
>
>> Consider this simple fact: There has been no
>> MITM attack, in the lifetime of the Internet,
>> that has recorded or documented the acquisition
>> and fraudulent use of a credit card (CC).
>>
>> (Over any Internet medium.)
>
> How do you view attacks based on tricking people into going to a site
> which claims to be affiliated with e.g. Ebay or Paypal, getting them to
> enter their login information as usual, and using that to steal money?
>
> It's not a pure MITM attack, but the current system at least makes it
> possible for people to verify with the certificate whether or not the site
> is a spoof.
Correct. On the other hand, in a lot of cases people cannot be expected
to do the verification. This shows in the number of people that can be
tricked into being spoofed out of their passwords, even when
certificates are deployed. That is not an argument against certificates
though, it is (partially) an argument against broken user interfaces.
> Just out of interest, do you have an economic cost/benefit analysis for
> the widespread deployment of gratuitous encryption?
What makes you say it is gratuitous? Or: how can you state my privacy
is gratuitous?
> It's just not that important. If your browsing privacy is important,
> you're prepared to click through the alarming messages. If the value of
> privacy is less than the tiny cost of clicking "accept this certificate
> forever" for each site, then it's not a convincing argument for exposing
> people who don't understand crypto to the risk of MITM.
This is illogical. Even if a server operator would prefer to allow
unauthenticated encryption, he cannot do so without annoying 90% of his
customers because they too will be getting these alarming messages. In
general, if my browsing privacy is important to me and the server
operator is willing to accommodate me, he cannot do so.
This however still does not constitute an argument against
certificates. It can be morphed as an argument against browsers not
supporting Anonymous-DH. (Note that I'm favoring treating sites
offering ADH the same as sites offering a certificate. Each offers
different functionality which should be distinguishable in the GUI.)
Cheers,
-J
-- 
Jeroen C. van Gelderen - jeroen@vangelderen.org
The python
has, and I fib no fibs,
318 pairs of ribs.
In stating this I place reliance
On a séance with one who died for science.
This figure is sworn to and attested;
He counted them while being digested.
-- Ogden Nash
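The "different functionality" the message attributes to Anonymous-DH versus certificates can be made concrete with a toy model, added here as an illustration and not code from the thread or from any browser or TLS implementation. It runs a Diffie-Hellman key agreement twice, once on an honest network and once through an active relay that substitutes its own key shares, with and without the server signing its share under a long-term key the client has pinned (the pinned key standing in for what a certificate binds to a site name). The prime, generator, Schnorr-style signature and message formats are all constructed choices for the demonstration, not TLS.

```python
"""Toy model: unauthenticated (ADH-style) versus authenticated DH key agreement,
with and without an active relay rewriting key shares in transit.
Constructed example; P, G and the signature scheme are toy choices, not TLS."""
import hashlib
import secrets

P = 2**127 - 1   # Mersenne prime; a toy group, constructed for illustration
G = 5            # generator, constructed choice


def rand_exp():
    """Random non-zero exponent in [1, P-2]."""
    return secrets.randbelow(P - 2) + 1


def dh_share(secret):
    return pow(G, secret, P)


def dh_key(peer_share, secret):
    """Session key = H(peer_share ^ secret mod P); both sides derive the same value
    only if the shares they received are each other's genuine shares."""
    return hashlib.sha256(pow(peer_share, secret, P).to_bytes(16, "big")).digest()


def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(16, "big") + msg).digest(), "big") % (P - 1)


def schnorr_sign(lt_secret, msg):
    """Schnorr-style signature over msg under long-term secret lt_secret (toy version)."""
    k = rand_exp()
    r = pow(G, k, P)
    e = _challenge(r, msg)
    s = (k - lt_secret * e) % (P - 1)
    return (e, s)


def schnorr_verify(lt_public, msg, sig):
    e, s = sig
    r = (pow(G, s, P) * pow(lt_public, e, P)) % P   # g^s * y^e == g^k when honest
    return _challenge(r, msg) == e


class Relay:
    """Active attacker on the path: replaces both key shares with its own and records
    the session keys it can derive with each side."""
    def __init__(self):
        self.secret = rand_exp()
        self.keys = []

    def share(self):
        return dh_share(self.secret)


def handshake(authenticated, relay=None):
    """Return (client_key, server_key, keys_known_to_relay), or None if the client
    rejects the server's share because its signature does not verify under the
    pinned long-term key."""
    srv_lt_secret = rand_exp()
    srv_lt_public = dh_share(srv_lt_secret)      # client has this pinned (the 'certificate')
    a, b = rand_exp(), rand_exp()                # ephemeral DH secrets
    A, B = dh_share(a), dh_share(b)
    sig = schnorr_sign(srv_lt_secret, B.to_bytes(16, "big")) if authenticated else None

    if relay is None:                            # honest network: shares arrive unchanged
        A_at_server, B_at_client = A, B
    else:                                        # relay swaps in its own share on both legs
        A_at_server = B_at_client = relay.share()
        relay.keys = [dh_key(A, relay.secret), dh_key(B, relay.secret)]

    if authenticated and not schnorr_verify(srv_lt_public, B_at_client.to_bytes(16, "big"), sig):
        return None                              # substituted share is not signed by the pinned key
    return dh_key(B_at_client, a), dh_key(A_at_server, b), (relay.keys if relay else [])


if __name__ == "__main__":
    ck, sk, _ = handshake(False)
    print("ADH, honest network: keys agree:", ck == sk)
    ck, sk, known = handshake(False, Relay())
    print("ADH, active relay: relay knows both keys:", ck in known and sk in known)
    print("authenticated, active relay: client aborts:", handshake(True, Relay()) is None)
```

Against a passive observer both modes behave the same (the observer sees only the public shares), which is the privacy the message argues ADH buys; only the authenticated run lets the client notice the relay, which is the extra property a certificate adds and the reason the two deserve distinct treatment in the GUI.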
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com