[141420] in cryptography@c2.net mail archive
Re: Security by asking the drunk whether he's drunk
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Dec 30 10:06:20 2008
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: benl@google.com, dmolnar@eecs.berkeley.edu
Cc: cryptography@metzdowd.com
In-Reply-To: <49569290.7050503@eecs.berkeley.edu>
Date: Mon, 29 Dec 2008 23:10:49 +1300
David Molnar <dmolnar@eecs.berkeley.edu> writes:
>Service from a group at CMU that uses semi-trusted "notary" servers to
>periodically probe a web site to see which public key it uses. The notaries
>provide the list of keys used to you, so you can attempt to detect things
>like a site that has a different key for you than previously shown to all of
>the notaries. The idea is that to fool the system, the adversary has to
>compromise all links between the target site and the notaries all the time.
I think this is missing the real contribution of Perspectives, which (like
almost any security paper) has to include a certain quota of crypto rube-
golbergism in order to satisfy conference reviewers. The real value isn't the
multi-path verification and crypto signing facilities and whatnot but simply
the fact that you now have something to deal with leap-of-faith
authentication, whether it's for self-generated SSH or SSL keys or for rent-a-
CA certificates. Currently none of these provide any real assurance since a
phisher can create one on the fly as and when required. What Perspectives
does is guarantee (or at least provide some level of confidence) that a given
key has been in use for a set amount of time rather than being a here-this-
morning, gone-in-the-afternoon affair like most phishing sites are. In other
words a phisher would have to maintain their site for a week, a month, a year,
of continuous operation, not just set it up an hour after the phishing email
goes out and take it down again a few hours later.
For this function just a single source is sufficient, thus my suggestion of
Google incorporating it into their existing web crawling. You can add the
crypto rube goldberg extras as required, but a basic "this site has been in
operation at the same location with the same key for the past eight months" is
a powerful bar to standard phishing approaches, it's exactly what you get in
the bricks-and-mortar world, "Serving the industry since 1962" goes a lot
further than "Serving the industry since just before lunchtime".
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
