On Sun, Oct 14, 2012 at 4:21 AM, ianG <i...@iang.org> wrote:
> Hi Thierry,
>
> On 14/10/12 01:21 AM, Thierry Moreau wrote:
>>
>> ianG wrote:
>>>
>>> On 10/10/12 23:44 PM, Guido Witmond wrote:
>>>
>>>> 2. Use SSL client certificates instead;
>>>
>>> Yes, it works. My observations/evidence suggest it works far better
>>> than passwords because it cuts out the disaster known as "I lost my
>>> password...."
>>>
>>> It is what we do over at CAcert, [...]
>>
>> Sorry for the long digression below; the overall concern bugs me somehow.
>>
>> There is no doubt that the CAcert usage of client certificates is an
>> interesting experiment/deployment.
>>
>> However, the limited value (of the CAcert activities enabled by a valid
>> client certificate) for attackers reduces the conclusions that can be
>> drawn from the deployment.
>>
>> When reviewing a security scheme design for a client organization, I had
>> to ask myself what a potential attacker would attempt if the system was
>> protecting million dollar transactions.
>
> Yes. We have to first figure out the business model. Then extract from
> that a model of threats, and finally come up with a security model to
> mitigate the threats while advancing the business model.
>
> If your business is dealing with million dollar transactions, can I ask if
> you are using browsers at all in that scenario? If so, isn't there
> something wrong with this scenario?
>
> [SNIP]
>
> What you're now likely to question is whether the browser is a secure enough
> container to stop attacks from other vectors? It's not. Which is why
> browsers shouldn't be used for online payments of significant value. At
> all. But it is the browser that is at fault here, and its failure to
> protect the user is orthogonal to the question of passwords versus
> client-certs.

Bingo!

Usability issues aside, the browser (HTML/CSS/JavaScript based applications) can only handle low value data. http://www.google.com/#q=webkit+site:nvd.nist.gov. Well written native applications on mobile devices can usually handle about medium value data (some hand waving). Another thing that folks don't want to accept: mobile devices can't handle high value data that is to be available offline.

Jeff

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography