Re: PKI too confusing to prevent phishing, part 28

[Paul Hoffman]

At 8:53 AM +0200 9/26/05, Amir Herzberg wrote:

Is PKI the cause of this? I think not. This is a usability problem.

We try to fix this problem (and similar problems) with TrustBar. 
Indeed we even had incidents where people on the TrustBar team 
itself, and some security experts using TrustBar, thought there is a 
bug - why does TrustBar display `Bad Certificate` warning, when 
FireFox says the site is protected fine? But then we found out it 
was simply a self-signed site, or a site signed by a CA not in the 
list of the browser, or the most hard-for-users: a site with a 
certificate whose issuer is specified as Verisign (say), but with a 
wrong public key... this last one is really tricky; even expert 
users get confused in identifying this, even when using the 
certificate details dialogs (I checked for FireFox and IE).


To me, the first paragraph contradicts the second paragraph. 
Actually, the third sentence of the first paragraph contradicts the 
first two sentences of that paragraph.


A technology that cannot be made usable, but is widely used anyway, 
is the cause of its own problems.


There are many problems with PKI, and certainly with its 
implementation in browsers. But secure usability problems are worse. 
I think our community should try to be constructive. I definitely 
try myself, hence TrustBar. Please help me: try it and give me 
feedback, if you are a good programmer, lend a hand improving it; or 
find other ideas and implement them.


Looking at decades of experience with PC software, it seems unlikely 
that TrustBar or anything like it will be deployed and understood by 
typical users. It is fine to help increase the security for a small 
(possibly tiny) audience, but please do not conflate that with making 
the whole market more noticeably secure.


--Paul Hoffman, Director
--VPN Consortium

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: An overview of cryptographic protocols to prevent spam

[Perry E. Metzger]

One more comment note on spam...

"Perry E. Metzger" <[EMAIL PROTECTED]> writes:
> I'm afraid that I use blacklists. My servers get about 30,000 spams
> and virii directed at me (that is me, Perry Metzger, personally) every
> night that are blocked by blacklists. I would be unable to write you
> this email if I didn't use blacklists, because I'd have no working
> email at all. (To be fair, the onslaught has diminished recently --
> I'm now down to perhaps 20k a night. There is no functional
> difference.)

My mother in law recently got rid of the email address she had been
using for many years. Why? She was getting so much spam that the
address was effectively useless. To find the one real message she had
to wade through a metric ton of porn, medical fraud, bank fraud and
ads for fake rolexes. Her anti-spam facilities in her mail reader were
pretty good but kept putting real messages into the spam folder, so
after a while it became obvious that they weren't helping since she
had to parse all the spam by hand anyway. In short, she was forced to
surrender. She abandoned the account.

She's not the only person I know who's done things like this. Spam is
not a "harmless annoyance" any more than insect bites are once you
start getting enough. It threatens the ability to actually use email
for communication.

In a normal society, by now people would have email directories online
where you could look up the email addresses of friends and loved
ones. Why don't we have those? Spammers. People actually go through a
whole lot of trouble NOT to have their email online. They do things
like turning their email addresses into images on their web sites so
automated harvesters can't read them. They post from "throwaway
accounts" assuring that no one who wants to reply will ever be able to
do so. They bend over backwards trying to avoid the spammers.

ISPs have to spend vast amounts of money one extra bandwidth to carry
this garbage -- it costs real money. Companies have large staffs of
people who work full time to ameliorate (not eliminate) their spam
problems. It costs them real money. People like my mother in law
abandon email addresses (and make it impossible for old friends to
find them) because they're scared that if too many people know their
email address it will become flooded with garbage. By the way, the
criminals now do stuff like using spyware to steal people's addresses
so it is literally the case that you have to worry that too many
people know your address.

This is not a normal situation any longer. Spam has distorted people's
behavior beyond all recognition. You can pretend that hasn't happened
and that really all that is needed is heavier use of the "d" key or
perhaps slightly better Bayesian filters, but in fact that's not the
situation any more. We're beyond that. You can argue that we're
wrecking the internet to save it, but what is, realistically, the
alternative? If you say "just ignore the spam" then I'll have to
politely ignore *you* -- I cannot try to find the 50 real messages
inside of the 30,000 garbage ones addressed to me without the evil
blacklists, and you wouldn't be able to either.

We either make the internet somewhat less of what it was so that we
can continue using it at all, or we keep it "pure" and cease to use it
altogether. Given the choice, I'll compromise on purity.

Perry

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: An overview of cryptographic protocols to prevent spam

[Perry E. Metzger]

John Gilmore <[EMAIL PROTECTED]> writes:
> It was hard to get from paragraph to paragraph without finding
> approving mentions of blacklists.  I am a victim of many such
> blacklists.  May Amir never appear on one, or his unthinking
> acceptance of blacklisting might change.

I'm afraid that I use blacklists. My servers get about 30,000 spams
and virii directed at me (that is me, Perry Metzger, personally) every
night that are blocked by blacklists. I would be unable to write you
this email if I didn't use blacklists, because I'd have no working
email at all. (To be fair, the onslaught has diminished recently --
I'm now down to perhaps 20k a night. There is no functional
difference.)

I've also been blacklisted myself, and I've had to deal with
it.

I understand your position, but you should understand that for many of
us spam, virus spew, etc. is not merely an annoyance but has the
ability to literally make it impossible to use email. Using a
combination of blacklists and other mechanisms, I get the spam levels
down to the point where they are merely an annoyance, but without them
I'd be incapable of receiving email any longer.

An analogy I like to use here is that while your neighbor using a
flashlight in the night might be an "annoyance", and turning on
floodlights in the night might be a "substantial annoyance", bathing
your house in hundreds of megawatts of light day and night goes beyond
mere "annoyance" and eliminates your ability to enjoy the use of your
property.

A few unwanted emails are a mere annoyance, but at the levels I've
reached, they go beyond annoyance. As much as I dislike blacklists
etc., I couldn't operate without them so I use them.

I wish I lived in a world where you couldn't just go out and lease the
use of 8000 zombie machines on the internet pre-broken into by
Ukrainian gangsters for your spamming pleasure, where people couldn't
send me phishing emails without being caught and punished for fraud,
etc. -- in short where folks who do things that even libertarians
dislike were punished. However, we don't live in an ideal world -- we
live in a world where a government monopoly runs law enforcement and
that law enforcement is nigh well worthless. I can't just buy the
other government's law enforcement since there is none, so I do what I
can on my own to make my machines livable.

In a better world maybe we won't need firewalls, policies where cable
modem users have port 25 blocked unless they ask for it to be
unblocked, spam blacklists, vast amounts of personnel time and money
spent at large organizations worrying about spam, security, etc., but
that better world isn't coming any time soon.

> His analysis made me think of clinical reviews of experiments done
> on human subjects in prison camps -- careful to focus on the facts
> while ignoring the obvious moral problems.
>
> Interspersed were discussions of various kinds of port blocking.  The
> Internet is too good for people who'd censor other peoples'
> communications, whether by port number (application) or by IP address
> (person).  It saddens me to see many of my friends among that lot.

John, I admire you for living a life without compromises. However, I
cannot afford such a life.

As it stands, I wouldn't blame the people who block ports. Most of
them, like me, are just trying to keep using the internet as best as
they can.

I would blame the criminals. I don't mean the people who merely send
out unsolicited email from machines they themselves own that doesn't
pretend to come from other people. I mean the people who
systematically break in to thousands of computers (surely you don't
believe breaking in to someone's computer to gain its use against the
will of the owner is okay) so they can send out their notes to a few
million people claiming to be their bank and directing them to yet
another machine they've broken in to where they collect the passwords
of the victims. I would also blame the law enforcement agencies who
essentially do nothing to these people.

Perry

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: An overview of cryptographic protocols to prevent spam

[Adam Shostack]

On Mon, Sep 26, 2005 at 09:28:19AM +0200, Amir Herzberg wrote:
| John Gilmore wrote:
| >>I wrote an overview of Cryptographic Protocols to Prevent Spam, 
| >
| >I stopped reading on page V -- it was too painfully obvious that Amir
| >has bought into the whole censorship-list based "anti-spam" mentality.
| John, I'm disappointed; I expected you to be more tolerant. You got mad 
| at me at page V which is still just reviewing the basic e-mail 
| architecture related to spam. In this part, I explained what open-relays 
| are and why people may try to disconnect from them, and described 
| port-25 blocking which is common practice and necessary to protect 
| domains from being blacklisted.

"necessary to protect domains from being blacklisted."?

How about the more factual:   "Is used as a decision factor by many of
the programmers who create blacklist-creation tools?"

Blacklists are not like blackholes, a natural result of laws of
nature.  They are the product of human action, and the people who made
decisions around them ought to own up to the fact that they are making
decisions.

Adam

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

German CA TrustCenter insolvent

[Stephan Neuhaus]

Original article at http://www.heise.de/security/news/meldung/64224

It seems that the German TC TrustCenter GmbH (formerly TC TrustCenter 
AG) is now insolvent.  TrustCenter was accredited to issue "qualified 
signatures", which is what you need in Germany if you want your digital 
signature to be as binding as your handwritten one.


It is as yet unclear why TrustCenter ran out of money, but the fact that 
German banks sold their TrustCenter stocks to BeTrusted (now part of 
Cybertrust) in 2004 shows that the banks had lost their confidence in PKI.


An interesting question is of course what happens with TrustCenter's 
private keys.  Are they being auctioned off to the highest bidder?


Fun,

Stephan
begin:vcard
fn:Stephan Neuhaus
n:Neuhaus;Stephan
org;quoted-printable:Universit=C3=A4t des Saarlandes;Department of Informatics
adr;quoted-printable:;;Postfach 15 11 50;Saarbr=C3=BCcken;;66041;Germany
email;internet:[EMAIL PROTECTED]
title:Researcher
tel;work:+49-681/302-64018
tel;fax:+49-681/302-64012
x-mozilla-html:FALSE
url:http://www.st.cs.uni-sb.de/~neuhaus
version:2.1
end:vcard

Re: An overview of cryptographic protocols to prevent spam

[Amir Herzberg]

John Gilmore wrote:
I wrote an overview of Cryptographic Protocols to Prevent Spam, 


I stopped reading on page V -- it was too painfully obvious that Amir
has bought into the whole censorship-list based "anti-spam" mentality.
John, I'm disappointed; I expected you to be more tolerant. You got mad 
at me at page V which is still just reviewing the basic e-mail 
architecture related to spam. In this part, I explained what open-relays 
are and why people may try to disconnect from them, and described 
port-25 blocking which is common practice and necessary to protect 
domains from being blacklisted.


I discuss blacklisting techniques and their problems much later, in 
section 5.5 (page XXV). I discuss there, albeit briefly, false 
positives, abuse, and collateral damage. I agree about the importance of 
clarifying these concerns, and will try to improve this.


Frankly, however, I think you were a bit trigger-happy to conclude that 
I `bought-into` the censorship, black list approach. May I recommend 
that you ask first, shoot later? We had some discussions on this and 
while we may have differences, I thought you know I care a lot about 
freedom of speech.


And btw, yes, as users of some (legitimate!) mail services, both me and 
several family memebers (e.g. children) were blocked by domain 
blacklists... When this happened to my 7 year old child, I had to 
forward his answers to a magazine for him. I once almost lost a 
consulting engagement to blocked email. And Ross Anderson once had to 
resort to asking Adi to call me on the phone to deliver a message, since 
a crazy mail filter here (Bar Ilan Univ.) blocked his messages for 
weeks... And more incidents. So believe me I'm well aware of this problem.

--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: PKI too confusing to prevent phishing, part 28

[Amir Herzberg]

Is PKI the cause of this? I think not. This is a usability problem.

We try to fix this problem (and similar problems) with TrustBar. Indeed 
we even had incidents where people on the TrustBar team itself, and some 
security experts using TrustBar, thought there is a bug - why does 
TrustBar display `Bad Certificate` warning, when FireFox says the site 
is protected fine? But then we found out it was simply a self-signed 
site, or a site signed by a CA not in the list of the browser, or the 
most hard-for-users: a site with a certificate whose issuer is specified 
as Verisign (say), but with a wrong public key... this last one is 
really tricky; even expert users get confused in identifying this, even 
when using the certificate details dialogs (I checked for FireFox and IE).


There are many problems with PKI, and certainly with its implementation 
in browsers. But secure usability problems are worse. I think our 
community should try to be constructive. I definitely try myself, hence 
TrustBar. Please help me: try it and give me feedback, if you are a good 
programmer, lend a hand improving it; or find other ideas and implement 
them.


Best, Amir Herzberg

Paul Hoffman wrote:
 



Summary: some phishes are going to SSL-secured sites that offer up their 
own self-signed cert. Users see the warning and say "I've seen that 
dialog box before, no problem", and accept the cert. From that point on, 
the all-important lock is showing so they feel safe.


Although the company reporting this, SurfControl, is known for alarmism, 
this is a completely predictable situation. If users can hold one bit 
and the bit is "look for the lock", then phishers will do anything to 
get the lock up there.


--Paul Hoffman, Director
--VPN Consortium

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

.



--
Best regards,

Amir Herzberg

Associate Professor
Department of Computer Science
Bar Ilan University
http://AmirHerzberg.com
Try TrustBar - improved browser security UI: 
http://AmirHerzberg.com/TrustBar
Visit my Hall Of Shame of Unprotected Login pages: 
http://AmirHerzberg.com/shame


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: An overview of cryptographic protocols to prevent spam

[John Gilmore]

> I wrote an overview of Cryptographic Protocols to Prevent Spam, 

I stopped reading on page V -- it was too painfully obvious that Amir
has bought into the whole censorship-list based "anti-spam" mentality.

It was hard to get from paragraph to paragraph without finding
approving mentions of blacklists.  I am a victim of many such
blacklists.  May Amir never appear on one, or his unthinking
acceptance of blacklisting might change.  His analysis made me think
of clinical reviews of experiments done on human subjects in prison
camps -- careful to focus on the facts while ignoring the obvious
moral problems.

Interspersed were discussions of various kinds of port blocking.  The
Internet is too good for people who'd censor other peoples'
communications, whether by port number (application) or by IP address
(person).  It saddens me to see many of my friends among that lot.

John Gilmore



-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: PKI too confusing to prevent phishing, part 28

[Jerrold Leichter]

| 
| 
| Summary: some phishes are going to SSL-secured sites that offer up 
| their own self-signed cert. Users see the warning and say "I've seen 
| that dialog box before, no problem", and accept the cert. From that 
| point on, the all-important lock is showing so they feel safe.
| 
| Although the company reporting this, SurfControl, is known for 
| alarmism, this is a completely predictable situation. If users can 
| hold one bit and the bit is "look for the lock", then phishers will 
| do anything to get the lock up there.
Just another indication that PKI as it was supposed to be done during the 
Internet boom is dead.  There are plenty of legitimate sites that are using 
self-signed certs.  (An ISP I use has one - and, while not one of the majors, 
it's not a mom-and-pop operation either.  They used to have a cert from 
Verisign or one of the other big providers.  After that expired, they kept 
using it for about a month - then put the self-signed one in its place.)
On this list, we see plenty of (quite plausible) arguments that a self-
signed cert is better than no cert at all:  At least it can be used in an 
SSH-like "continuity of identity" scheme.

Talking about users as being able only to hold one bit continues an 
unfortunate attitude that, if only users weren't so dumb/careless/whatever, we 
wouldn't have all these security problems.  Between the hundreds of CA's that 
browsers are shipped with - all allegedly trustworthy; the sites whose certs 
don't match their host names; the random links that appear to be within one 
site but go off to others with no relationship that anyone can discern to the 
original; the allegedly-secure sites that don't use https until you log in; 
all the messages telling you to ignore security warnings; and now the growing 
number of sites that use self-signed certificates ... as far as I'm concerned, 
SSL for browsers has gotten to the point where one could legitimately argue 
that it's *bad* for security, because it leads people to believe they have a 
secure connection when very often they don't.  Perhaps if they realized just 
how insecure the whole structure really is these days, there would be some 
pressure - in the form of even more people voting with their feet and refusing 
to participate - to actually get this right.

(BTW, I'll add one more tale to the "ignore security warnings" thread:  If
you try to use Windows Update these days, it asks you to update the updater.
If you agree, a .CAB file gets downloaded.  The .CAB file is properly signed 
by Microsoft.  Inside it are three other files.  These individual files are 
*not* signed.  You get warnings for each one, asking if the installer should 
go ahead and use them even though they are unsigned.  If you decline ... you 
can't use Windows Update.)
-- Jerry


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]