[cap-talk] Posters on Polaris and Petnames
Jed at Webstart
donnelley1 at webstart.com
Thu Jul 7 22:34:49 EDT 2005
At 02:38 PM 7/6/2005, Ian Grigg wrote:
>On Wednesday 06 July 2005 21:40, Jed at Webstart wrote:
> > At 11:55 PM 7/5/2005, Ka-Ping Yee wrote:
> > >I'm attending SOUPS (http://cups.cs.cmu.edu/soups/) this week,
> > >and will be presenting two posters. The posters can be seen at
> > >
> > > http://wolog.net/
> > 1. On phishing, identification, and SSL: I believe SSL is a technology
> > that addresses itself to more than just identification. SSL also
> > serves to encrypt information that is transmitted across the Internet
> > to protect it from eves dropping. I believe SSL has been quite
> > successful in this encryption and protection of information role.
> > To refer to "The Failure of SSL" without qualification seems a bit
> > over broad to me. Perhaps something like "SSL does not identify
> > destinations"? or "SSL fails to safely identify Internet sites"?
>Well, we've wrestled with this, and we can be more
>precise, but that just allows people to excuse themselves
>left right and other sideways.
To me it seems that it helps to clarify just what part of
the technology is failing. Namely the part that supports
site identification is failing but the part that protects
information flowing between browsers and web sites
if working fine.
>The problem is partly one of terminology and partly
>one of ostrich-like behaviour. SSL the protocol was
>designed to secure transactions on the web. Transactions
>are not secure on the web.
>Now, the difference between those two statements is messy ...
Perhaps it doesn't seem quite as messy to me - perhaps
out of ignorance. To me it seems that the identification support
is not effective (hence the phishing 'industry') but the cryptographic
protection of information is working fine (hence the lack of any
'industry' snooping sensitive information from encrypted
exchanges on the Internet).
>the reason that transactions
>are not secure on the web is that the security model in
>browsing has been breached, and SSL the protocol is
>only one component in that security model. That's
I believe it is even more precise and clear to note that the
part of the SSL technology that fails is the identification
part. Otherwise it could lead people to think that
cryptographically protected information on the Internet
is vulnerable. It may be, depending on the encryption
technology and future developments, but I at least haven't
heard of successful attacks of this sort on SSL exchanges.
>For short, everyone calls the security model SSL.
I regard that is too short for effective communication.
There are MUCH more subtle aspects of the communication
in Pings posters I believe than a simple distinction between
encrypted information flow and destination identification,
both of which are certainly aspects of SSL. To me
clarifying that it is the identification part of the SSL technology
that is failing and needs fixing helps to clarify the overall
communication of the poster.
>that point where we point out that it isn't secure, in which
>case those that defend SSL point out that it isn't SSL's
If you are referring to the identification problem, who's
problem is it? I see it as a problem for all of us. Anybody
who discusses it needs to know enough about it to know
where the problem lies.
>and those that defend browsing say that it is
>secure because they use SSL.
As we know, not if they include safe identification in what
they mean by "secure".
>And we go round and round and round.
This is a case where I believe this very straight forward
distinction between the protect of information flow and
the identification of destinations can help break the
round and round.
>The SSL community has to stand up and help define the
>problem, because they are the security guys. The browsing
>community has to stand up and say they have a problem
>with the way they implemented SSL, and they need help.
>Until these two groups display some scientific integrity
>about where the problem lies, I think stating "SSL has
>failed" is as approximately as close as we can get to
>describing the problem in terms that have some overall
I'm not sure what you mean by the "SSL community". It
seems to me that anybody worried about the failings of
technology they are using (Web transactions, SSL, the
Internet, etc.) needs to identify just what's failing. I believe
one thing that's failing is the ability to safely identify sites on
the Web (phishing). To me this definitely points a finger at
the identification aspects of SSL. That is where it seems to
me some focused attention needs to be placed. I hope in
doing so people don't inadvertently spread the blame to the
cryptographic protection of information on the Internet between
a source and destination that is also part of SSL - a part that
seems to me to be working quite well.
> > I was amazed when I saw your chart indicating that US Bank, PayPal,
> > and eBay don't use SSL on their default login page. Why in the world
> > not I wonder? The only possibility that comes to mind is to save users
> > the cost of linking to an SSL protected page for the login. Wow.
> > Many of the personal IDs and passwords for US Bank and PayPal
> > and AOL customers fly across the Internet in clear text???
>No, it's more subtle than that - the link when you click
>LOGIN is a https link, so it is sent encrypted, but the
>site leaves itself wide open to phishing, as the user is
>supposed to check *before* clicking that they are already
>at the correctly named site.
>Yet another failure in security models, where one failure
>leads to laziness in another area which opens up a
I believe I understand the point there (Alan's earlier message and
> > I have to admit that I'm a little confused by some of the "Classification
> > of Attacks" data. For example,
> > '41% of attacks are unaddressed by solutions that require the
> > target site to use SSL'
> > I believe the Waterken petname tool requires the target site to
> > use SSL - for a certificate to bind the petname to. Does that
> > mean that some portion of those 41% are unaddressed by
> > the Waterken petname toolbar mechanism? I don't think so,
> > but it seems to me the statement could be taken that way.
>There is a non-trivial class of problems that exist
>purely on the server side - it is possible to trick the
>server itself. I didn't think the class was that large,
>but oh well.
>My attitude to this is that we have to identify what
>we can about the core, fundamental parts of the
>problem. For the most part, the browser is at fault,
>so let's fix that part (petnames, trustbar, etc). Then,
>this makes it easier to concentrate on the other attacks.
To do so I believe it is important to identify just what the
parts of 'the problem' that we need to solve. It seems to
me unwise to refer to the identification problem as "SSL"
when SSL encompasses more than that.
>(Although I also had trouble clarifying what this
>section was saying...... But the more we can hammer
>home that this is the result of basic flaws in the
>security model, the better, so I wasn't looking for
>perfection in the comments.)
Naturally I'm not looking for perfection either, especially
in posters that must necessarily be brief. I *really* like
Ping's focus (bold titles) on:
Phishing is an identification problem
Viruses are an excess authority problem.
I just think that having the next eye catcher under:
Phishing is an identification problem
being "The Failure of SSL" is a bit over broad and
something like "SSL fails to provide safe identification"
would be better. I think it should then say something
like "The identification model for SSL assumes trust in
a third part: the CA" and then continue as it does. We're
only talking about a few words of difference, but I think
they are important enough to at least discuss.
It is an identification problem we are focusing on in this
poster. Make that clear and focus on that aspect of SSL.
Don't lead people to think that is all there is to SSL. Even
the certificate technology in SSL can provide some value
(e.g. to the petname toolbar). It's just that the CA business
and the way it currently attempts to support identification
is failing. I believe that failure needs to be the focus to
get things fixed.
More information about the cap-talk