On Tuesday, Mar 25, 2003, at 14:38 US/Eastern, Ed Gerck wrote:
Jeroen van Gelderen wrote:
3. A significant portion of the 99% could benefit from protection against eavesdropping but has no need for MITM protection. (This is a priori a truth, or the traffic would be secured with SSL today or not exist.)
Let me summ up my earlier comments: Protection against eavesdropping without MITM protection is not protection against eavesdropping.
You are saying that active attacks have the same cost as passive attacks. That is ostensibly not correct.
In addition, when you talk about HTTPS traffic (1%) vs. HTTP traffic (99%) on the Internet you are not talking about user's choices -- where the user is the party at risk in terms of their credit card number. You're talking about web-admins failing to protect third-party information they request.
Not at all. That assertion is nowhere to be found in my original post either.
I am talking about a website like -say- Cryptix (or Dilbert, or The Onion, or whichever). Websites where we do not have any requirement of offering the user any privacy whatsoever. Where we do not collect CC numbers. Where we do in fact not collect much of anything. And where we definitely don't have money for an SSL certificate. Where in fact any effort spent on this stuff is an incredible waste of resources.
What we would like to do however is offer a little privacy protection trough enabling AnonDH by flipping a switch. I do have CPU cycles to burn. And so do the client browsers. I am not pretending to offer the same level of security as SSL certs (see note [*]).
Enabling AnonDH will eliminate passive attacks at near zero cost and thus *raise* *the* *cost* of eavesdropping. For one it will render mere recording of HTTP traffic useless, which, in my book is a plus. We obviously don't care to *eliminate* eavesdropping because we are happily putting up with that today.
You seem to be asserting that increasing the cost of eavesdropping by a small amount is worthless. I'm sorry but I don't see how that makes sense. It is the difference between simply mirroring Google's OC48 to and NSA-owned port on the switch and redirecting the OC48 trough a real-time, low-latency NSA-owned MITM device. Without being detected.
I'm proposing a slight, near-zero-cost improvement[*] in the status quo. You are complaining that it doesn't achieve perfection. I do not understand that.
Cheers, Jeroen
[*]
"Now, this is could be achieved by enabling AnonDH in the SSL infrastructure and making sure that the 'lock icon' is *not* *displayed* when AnonDH is in effect. Also, servers should enable and support AnonDH by default, unless disabled for performance reasons."
-- Jeroen C. van Gelderen - [EMAIL PROTECTED]
"They accused us of suppressing freedom of expression. This was a lie and we could not let them publish it." -- Nelba Blandon, Nicaraguan Interior Ministry Director of Censorship
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]