ietf-openproxy

Re: WG Review: Open Pluggable Edge Services (opes)

2001-06-20 10:34:48

On Wed, Jun 20, 2001 at 08:12:49AM -0600, Vernon Schryver wrote:
| >                                                  Why should anyone be
| > required to pay such an outrageous tax simply to be able to protect
| > their home photo collection from being tampered with in transit to 
| > a visitor's browser?
| >
| > Granted, we could all become our own CAs, but that scares end users
| > and reduces the trust model because we don't want to train users to
| > accept a new CA cert from every site they go to.  
| 
| No, on several counts:
| 
|   1. The only reason that might scare end users is because of scary
|     words from browsers, and then only for HTTP.  Browsers are not
|     too-smart-by-half SMTP MUA's not SMTP servers.  There are no scary
|     CA pop-ups from your browser-broken-MUA if you use SMTP for mail
|     submission.
| 
|   2. there are no pop-ups, scary or otherwise, when you and other
|     SMTP client and server operators exchange certs for sendmail's use.
| 
|   3. becoming your own CA is easy, once someone tells you the magic
|     Openssl incantation.  

Unfortunately, the become-your-own-CA solution doesn't actually help
deal with the issue of man-in-the-middle attacks.  The threat under
discussion is that there is a proxy modifying content; we'd like to
prevent that.  If the server sends a key without reference to some
established authority, then the MITM may simply replace that key with
one of its own, or translate the http-over-SSL request into a
cleartext http request, or otherwise munge the session, because there
is no way for the browser to figure out if the self-signed key is the
one the server sent.

(I find it unfortunate because often, become-your-own-CA is a good
idea, and this is one of the few cases where it's not.)

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume
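Adam's point, worked through with Go's standard-library X.509 verifier (an added example, not code from this thread or its authors): both the site and a content-modifying proxy "become their own CA" and issue a certificate for the same host name, and the browser's check is whether the presented chain ends at a root it already trusted before the connection. With no prior anchor it fails both identically, so it cannot tell the site's key from the substituted one; only a root obtained through some other channel (here the site's CA, pinned beforehand) separates them. The host name photos.example and the CA names are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert issues a certificate for cn: self-signed CA if parent is nil, else a server cert signed by parent.
func makeCert(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true}
	if parent == nil { // nobody above it: the "become your own CA" case
		tmpl.IsCA, tmpl.KeyUsage, parent, pkey = true, x509.KeyUsageCertSign, tmpl, key
	} else { // a TLS server certificate for host cn, issued by that CA
		tmpl.DNSNames, tmpl.ExtKeyUsage = []string{cn}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Outcomes returns [site accepted, proxy accepted] for a browser with no trust anchor
// and for one that pinned the site's CA, obtained through some channel other than the connection.
func Outcomes() (noAnchor, pinned [2]bool) {
	const host = "photos.example" // constructed host name
	siteCA, siteKey := makeCert("Home Photos CA", nil, nil)
	siteLeaf, _ := makeCert(host, siteCA, siteKey)
	proxyCA, proxyKey := makeCert("Home Photos CA", nil, nil) // the proxy's own CA: same name, different key
	proxyLeaf, _ := makeCert(host, proxyCA, proxyKey)        // the key the proxy substitutes in transit
	accepts := func(c *x509.Certificate, roots *x509.CertPool) bool { // the browser's only check
		_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
		return err == nil
	}
	empty, trusted := x509.NewCertPool(), x509.NewCertPool()
	trusted.AddCert(siteCA)
	return [2]bool{accepts(siteLeaf, empty), accepts(proxyLeaf, empty)},
		[2]bool{accepts(siteLeaf, trusted), accepts(proxyLeaf, trusted)}
}

func main() { n, p := Outcomes(); fmt.Println("no anchor:", n, "site CA pinned:", p) } // [false false] [true false]
```

Naming the proxy's CA identically to the site's shows that the name carries no trust; the verifier matches on the key that signed the chain.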


