On 19/09/11 02:22 AM, M.R. wrote:
On 18/09/11 10:31, Ian G wrote:
On the other hand, a perfectly adequate low-level retail
transaction security system can best be achieved by using a
trusted-third-party, SSL-like system.
That's a marketing claim. Best ignored in any scientific
> discussion.
Yes, I agree, let's ignore it!
In your view then, is the alternative at all a public key based
crypto system? If yes, is it SSH (or SSH-like) "trust on first
contact" or something else?
If the mission is to design an "adequate low-level retail transaction
security system" then TOFU (trust on first use) is perfectly adequate
for my money. If we're talking about credit cards, they already have a
defence built into to them, so we're covered both ways.
~I~ have a dream: one nice morning, in a year or two, when we download
the new release of our favorite browser, it all of a sudden tells us
if the server we are connecting to employs SSL-nouveau (with a series
of trusted third parties, and who exactly they are) or SSH-nouveau
(trusting the continuation of server's public key in our possession).
Right. And, we actually have that. The server can use SSL server certs
that are self-signed not CA-signed. At that point, SSL performs pretty
much like TOFU. What is needed then is some security UI work on the
browsers to benefit from the TOFU.
The funny thing is that SSL use would expand if we could easily use
self-signed. CAs would benefit, too. But, trying to talk marketing
concepts to vendors is like trying to talk deficit reduction to
politicians...
In that brave new world, the server operator might even give the
client a choice: if there was a previous contact, it is SSH-nouveau,
otherwise it is SSL-nouveau. And the users who are about to order
a $34.95 book from Amazon just click through, and those that are
about to overthrow, by blood and iron, the oppressive, dictatorial
government of Greater Horribilia actually know what the hell is
going on, and act with prudence commensurate to their calling...
Yes. Marrying TOFU with CA-signed works quite well. It's been demo'd
in various plugins. Having the client pin the certificate to the CA, is
more or less the same thing, it's an optimisation that the plugin people
discovered in the mid 00's when they worked through the concept.
The advantage of this approach is that the banks would get better
protection too, because some of the client-side innovations ("secure
bookmarks") would help a lot with phishing.
Absolute nirvana!
Assuming one takes the current infrastructure as a starting point :)
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
