Nelson B wrote: ...
Not really. Without the authentication, any proxy, including the so-called transparent proxies, could descrypt all traffic in both directions without the end parties detecting it.
So, we are saying here that, because there is a small threat of an active/compromised node doing an MITM, there is no point in protecting against passive eavesdropping, which is a demonstrably larger threat?
Is this logic sufficient to justify effectively denying users any protection against eavesdropping, within the open, non-commercial world, as befits the open source community?
There are entire countries whose internet access all passes through transparent proxies, so their governments can snoop. If they could do MITM attacks, you can bet they would.
Governments are trying to snoop on what, exactly? Credit cards? Doesn't make a lot of sense.
Mail? Most web mail systems don't use any form of HTTPS, whether it be cert'd or not. Straight HTTP. Getting them to use any form of encryption would be fantastic. It'd certainly be a lot easier if they could bootstrap their webmail servers into a self-signed cert, accepted by the browsers, and then upgrade to an expensive CA-signed cert if the traffic warranted it.
People worried about government snooping on email based comms generally do in fact get found and beaten up badly. Some of them get killed for their efforts. They then look at various offerings, which I guess vary in their nature. OpenPGP is widely used by the human rights people for example, and has been since the early 90s, it was one of the core user groups since forever. (If anyone is keen on *serious* threat models, check out cryptorights.org)
In this case, I'd suggest that if the HRC people were using HTTPS, they should use a cert. But, as the browsers that would be used are potentially compromised, they would have to validate the browser somehow. Hard problem.
So, they might end up having to use OpenPGP on floppies, install onto a machine, run the program from the floppy, and then use webmail to transmit the mail. In which case they'd be happy with any form of encryption because they've already protected themselves using other means.
Right now, HTTPS is basically limited to merchants doing, e.g., credit card stuff or similar. If the servers and browsers weren't so serious about merchants and other server operators being charged hard currency for running what is basically open source software, the notion that governments are a threat might make more sense, simply because there would be non-commercial usage of HTTPS. I.e., HRC. But, for now, no, sorry, HTTPS is too expensive for the average non-profit, so I don't see governments being interested. Correct me if I'm wrong, please!
> They cannot do undetected
MITM on https, today, beceause of cert based authentication.
Almost all traffic is over HTTP. There is a bit of ecommerce over HTTPS. Is this for real?
Unless you are talking about just your common or garden criminal bureaucrat working for a government and also doing a bit of credit card snooping on the side. Granted, many governments employ / encourage criminals, but they are still subject to economic forces and would rather steal 10,000 credit cards by hacking than sit there hoping a foreigner comes along into a net cafe.
I spent some time in one of them this past year. You can bet I was particularly careful to ensure I had uncompromised software and an uncompromised root CA list. It would take only one compromised root CA for them to be able to do MITM attacks on all https traffic.
If they compromised the browser you were using, they could then compromise the traffic from that machine - unless you used a CA cert list.
But, if they could compromise the browser, and/or its root CA list, they could also compromise the entire machine?
What was the threat model here?
Oh, and cert based secure AIM was my friend.
Certs are great if they're available and costless.
They're just not costless. And, the decision of the browser and the server to insist on their usage means that it puts a lot of pressure on things like CACert to reduce their cost, so we can see the use of this software by the ordinary people, rather than by the payments people.
Currently, the cost of certs is the primary reason that HTTPS has achieved less than 1% penetration of the market over the last decade.
Presumably AIM does it differently, by using one cert at the server. But, if it did it from user-to-user, as per p2p, then one could be sure that there would be a desire to reduce those certs down to their natural zero cost.
iang _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
