From: "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com>
If Vernon believes that there is a man in the middle attack possible
in SSL3.0 or TLS he should contact the TLS working group as soon as
possible as they appear to be unaware of such an issue. Probably
because they don't exist.
Without authenticators such as shared secrets or public keys, it is
obvious that SSL or TLS does nothing against a classic man-in-the-middle
attack. A bad guy need only sit in the middle between the two parties,
using separate sessions to talk to each. The bad guy passes each
party's data to other after examining and potentially modifying it in
the clear. Neither party can know that it is in effect only talking
the bad guy.
Commercial PKI is a public key distribution mechanism that makes
men in the middle harder. PKI stands for "public key infrastructure."
...
Deployment IS a 'political' problem. Therefore the political aspect
is not negligible.
That statement is confounds two very different "deployments." Commercial
PKI was deployed without a lot of political effort by getting it
included in Netscape. That deployement was used to deploy "eCommerce"
or to convince end users that bad guys could get their credit card
numbers. That was and is silly nonsense intended for the ignorant
rubes and suckers. It is far easier to "dumpster div," work at a
merchant and make copies of paper, or to break into web merchants'
web sites for credit card numbers than to snoop on packets.
The protections on credit card numbers come from the credit card
companies. If someone abuses your credit card number, you liability
is limited to $50, and in practice you don't pay even that much.
There is a vast amount of on-line credit card fraud despite certs,
but consumers are protected first and foremost by the desires of
merchants and credit card companies to make it seem safe.
The political issue is the requirement on the part of the credit card
issuers to have sufficient security to ensure that the process
provides an acceptable degree of risk control.
The issue for the credit card companies is providing the customer with
an assurance that the site concerned is a legitimate merchant, even
despite the flaws in the DNS system. Without certificates we would
regularly have DNS spoofing attacks against Amazon etc.
That seems to be what Verisign tells the suckers that buy certs
without understanding their value, but it is dishonest marketing
nonsense. DNS spoofing attacks against Amazon etc. are not detered
or reduced by certs. Few users check to see that their browsers
are using SSL/TLS. Essentially no users check to see who owns the
certificates of vendors. That is part of what "phishing" is about.
There are many ways to get users to go to something like
https://www.ammazon.com/ and then use entirely proper Verisign certs
for "Ammazon.com, Inc" instead of "Amazon.com, Inc".
The real value of commercial PKI is political. It makes end-users
feel safe despite the endless talk of network security holes.
Vernon appears to be unaware that the principal purpose of the SSL
protocol is to provide integrity, not confidentiality. This is
quite a common problem amongst amateur security experts. Marc
Andressen once made the same mistake when presenting SSL v1.0 at
MIT. Phil Zimmerman does not make this mistake, thats why its
Pretty Good Privacy, not integrity, although many people who advocate
PGP as a generic security mechanism do make that mistake.
That is nonsense. As far as Verisign is concerned, the principle
purpose of SSL is to keep Versign afloat and that involves selling
the integrity aspects of SSL/TLS. However, SSL/TLS can and does
provide confidentiality. Picking which purpose of SSL/TLS is "principle"
is silly, but if you want play that game, RFC 2246 says it is
confidentiality, because it puts "eavesdropping" first in its abstract:
This document specifies Version 1.0 of the Transport Layer Security
(TLS) protocol. The TLS protocol provides communications privacy over
the Internet. The protocol allows client/server applications to
communicate in a way that is designed to prevent eavesdropping,
tampering, or message forgery.
(I sometimes refer to older RFCs because they tend to make the goals
and general mechanisms more clear. Later RFCs tend to be more accurate
but less clear.)
SPAM is an integrity problem, not a confidentiality problem.
SPAM is certainly not a confidentiality problem, but neither is it an
integrity problem, except perhaps to outfits selling authentication
anti-spam snake oil. You rarely hear complaints that unsolicited
advertisements have been modified by third parties. Plenty of spam
is not "forged" in any sense whatsoever.
I do not remember Vernon as having any involvement in this area
when the protocols were being developed. Had he played a significant
role I am sure that I would remember him since I had the payments
brief at W3C at the time these protocols were being developed.
!
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg