On 12/8/06, David Schwartz <[EMAIL PROTECTED]> wrote:
I think that's kind of a crazy thing to say. For what possible reason would Microsoft want my credit card information to leak to a cracker? For what possible reason would Microsoft want my computer to be hijacked?
It's unlikely that MS would want it -- but on the flip side, they also make it pretty trivial to happen.
I think that has nothing to do with anything. Why even bother? Why not just trap my keystrokes and wait for me to enter my credit card info into any program at all? If you can take over my computer, why limit yourself to just what passes over HTTPS?
Ah, another fundamental flaw in your view: Just because there's a "high-value" target available does not mean that "lower-value" targets lose their own inherent value. It just means that in your view, the target that you're protecting most because it's the one that you've been taught to fear for the most is the one that will be attacked the most. I don't want credit card numbers. So, you protecting your credit card number is useless against me. What if what I want is knowledge of what you're looking at on Amazon's site, so that I can figure out who to market my own products or services to and what pricepoint to do so at? Credit cards are high-value, so there's a specific process in place to deal with the information leakage. Less stringent safeguards are in place for other valuable data.
A security model is defeated if it doesn't do what its implementers want it to do. If it does precisely what its implementers want, then the security model has done all it can do. It can't make the implementation what you might want and it's absurd to expect it to.
Let's take that view, and apply it to "okay, now I start giving or selling certificates to websites so that my users can use them, and other users who don't have these certificates can't." While you see this as a fundamentally flawed process, there are situations (such as "I want my users to be able to use the servers that are connected to my network without having to go outside of it to get the content that they're serving, but I also don't want to have to publish the contents of these servers to anyone not on my network so that my own overhead goes up") where this is already the case, and already in place. The security model allowed is based on what the CA administration wants, not necessarily concruent nor even parallel to what the end user wants. The original security model as put forth in SSL2 and SSL3 was that the end user would get what the end user wanted. Not that it could be hijacked by anyone that the system happened to have a certificate for.
> David, one of these days you will wake up and understand that the only > real way to have workable security is to have an educated user behind the > wheel. I think that's backwards. The user can *always* screw himself a billion ways. So long as the user can *only* screw himself, the security is workable. Security protects a smart user from a smarter adversary. Nothing protects a dumb user from themself.
Except that security can also be said to "protect a dumb user from a smarter adversary". 'smart' and 'dumb' can refer to the same level of knowledge and ability to put that knowledge into practice. ...and while nothing prevents a user from posting his credit card information to Usenet, nothing (aside from contractual obligation, now) prevents the server from having such weak security that when the user sends his information to them as required to complete a transaction the credit card information is available to anyone who happens to know how to get to it.
While it's true that you do need to be pretty smart these days to use a computer safely, I think that's unfortunate. It's sad that people have stopped using computers to connect with other people and learn about their world because they can't deal with the sophisticate assaults on them.
...so people should use Office to connect with people even in the face of multiple zero-day attacks that they don't have the means or tools to mitigate? I think it's unfortunate that you're /defending/ the current status quo.
Things really can be easy to use without being dumbed down for those who want to get into the nitty gritty. It's just *hard* to get that right.
Ah. You're describing the Macintosh. Which still doesn't have it completely right, but it's a LOT closer than Windows. (I don't mean to start a religious argument here... but you're holding onto dogmatic assumptions and presumptions that are preventing you from seeing the validity of other arguments.) -Kyle H ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]