On 3/1/09 03:17, Nelson B Bolyard wrote:
Ian G wrote, On 2009-01-02 01:28 PST:
Lots of very small stores try to do the right thing and set
up self-signed certs with their cousin or friend doing the website.
They get their cousin or friend to set up a web site for them, because
they don't know anything about web sites except that they must have one.
Their cousin/friend tells them "Your choices are to either pay $1000 per
year for a certificate or else let me make you a certificate for free."
He does not tell them "you also have choices to get certs that will work
in all browsers for less than $50/year", perhaps because he himself does
not know that.
Sure, there are thousands of stories. Once I did a very informal scan
of credit card and FORM in google, and through some scratch calculations
that something like 5% of merchants took credit card numbers through
HTTP (unreliable, anecdotal number).
Millions of stories :)
Then they discover that nobody can use the site, the admin wants more
money, [...] so they back off and use HTTP instead of HTTPS.
Yes, I agree, that does happen. But the answer is not to use self-signed
certs. It is to use cost effective CA issued certs.
Unfortunately not. If that is the answer then we wouldn't permit
self-signed certs at all. Old debate... We permit self-signed certs
and we have forgotten to add convenient management of certs (KCM). But
neither of us will win the debate today!
"Please be aware that this website is not fully protected with third
party claims by Certification Authorities. You may not be talking to
who you think you are talking to, be careful to check in other ways.
The problem with that is that the average user has NO IDEA WHATEVER of
any way to verify who he is talking to than to look at the CONTENT of
the site, and see if it looks like the content he expects from the real
site. So, he does that, and thinks that he has "been careful", just as
the suggested warning advises him, and he gets phished.
It is probably an accepted fact that the user doesn't understand this OR
ANY OTHER WORDS or any other actions that are required.
The choice is between:
a) including the user
b) hiding it from the user
Choose a or b. (And, consult your legal counsel about your choice.)
Whatever you do, don't choose both. Right now, Mozilla is at both :)
It includes the user sometimes (expects her to check the HTTPS display)
but not other times (expects her not to do anything else).
The choice between a and b probably rests on whether you want light
security or strong security. If strong security, it has to be a., as
from the discipline of security learnings, we know that the user is the
end of an end-to-end security system. (c.f., Kerckhoffs 6th, Shamir's 3rd.)
(Cunning thinkers of security will notice that Skype is clearly at b,
and SSH is at a.)
There are some (few) users who have become aware of the advice that they
must check that the certificate belongs to the intended party, but they
still have no concept of a MITM attack, so they look at the subject name
in the self-signed cert, and see that it bears the name of the company
they expect it to name, and they conclude that they have verified that
the cert is correct and proper, and they get phished.
Right. And some people who get phished by chrome replacements. And
some people who get phished from a cert that is from "bank-security.com"
or similar. And some people who get phished through CA issued certs.
And some people get phished from XSS attacks. And some people get taken
through malware. And some people get taken from nigerian 401 scams. And...
The problem is one of economic balance in the face of false negatives
and false positives, not of absolutes and static models.
Either way, the people who get phished, after thinking that they've taken
due care, conclude that there is no effective security on the internet.
OK. That would be in accord with the security conclusions of any
security team that worked through the full analysis in the late 90s when
online banking was starting up [1]. The market over-rode their
recommendations ... both at the micro level of each bank and the sector
level of countries versus countries.
So we would all be in agreement at that point.
But they should conclude that there is no effective security on the
internet WHEN YOU OVERRIDE the security precautions that were put there
to protect them. We do not help them by further watering down the
security warnings.
Eyes off the microscope! The problem is a wider ecosystem or systemic
problem in that the model only protects when the user checks the
security precautions that are in place, on and perfectly in place. As
the system has both OFF and ON modes, and as the system's ON mode is
complicated to show, there is an obvious bypass attack.
The result is that the ON community are working on making the ON button
"new, brighter and better," the attackers are working on ripping people
off in OFF mode, and the users conclude quite correctly that there is no
effective security on the net.
The essence of this battle is what you do with the OFF mode, not what
colour you paint the ON button.
iang
[1] I worked on one, more or less. The "more or less" was that it was a
smart card money system, where the bank had decided it wanted full and
absolute security (it didn't get it of course, but it believed it had).
The same bank had concluded that the only way to do secure online
banking was with smart cards. They tried, failed and compromised.
While they were doing this, their competition compromised, got hacked,
got laughed at, danced a little sideways, and succeeded.
Just by way of saying that when the *users do security analysis*, that
which is sometimes known as secure browsing is less than 1% of the
discussion. For both online banking and for secure transactions
systems, it has to work as if it were HTTP.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
