[13426] in cryptography@c2.net mail archive
Re: Maybe It's Snake Oil All the Way Down
daemon@ATHENA.MIT.EDU (Jeroen C. van Gelderen)
Tue Jun 3 17:50:41 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 3 Jun 2003 17:21:49 -0400
Cc: "'cypherpunks'" <cypherpunks@lne.com>,
<cryptography@metzdowd.com>
To: "Lucky Green" <shamrock@cypherpunks.to>
From: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>
In-Reply-To: <000101c3298e$cf6edd30$6401a8c0@VAIO650>
On Tuesday, Jun 3, 2003, at 01:13 US/Eastern, Lucky Green wrote:
> Given that SSL use is orders of magnitude higher than that of SSH, =
with
> no change in sight, primarily due to SSL's ease-of-use, I am a bit
> puzzled by your assertion that ssh, not SSL, is the "only really
> successful net crypto system".
(I noticed that SSL and HTTPS are sometimes used interchangeably in=20
this thread and sometimes not (i.e. STARTTLS). I'll concentrate on=20
HTTPS in this mail. Note that HTTPS is slightly broader than just SSL:=20=
it also includes the browser interface.)
Absolute numbers are one measure. Another would be to consider the=20
ratio of HTTPS/HTTP and SSH/telnet. You could define a successful=20
protocol by ability to displace its unprotected equivalent. I for one=20
would consider that a more useful measure. I bet you find that HTTPS is=20=
non-existent according to this definition, completely disappearing in=20
the noise. Interestingly (and IMHO correctly) enough OpenPGP fails this=20=
test too. Miserably.
Perhaps that measure is too coarse grained. For instance, in the domain=20=
of "security advisories" most emails are digitally signed with OpenPGP.=20=
And in the domain of online credit card payments HTTPS has displaced=20
HTTP.
But HTTPS covers only those transactions for which users demand=20
protection. Actually, that isn't quite correct. It is those=20
transactions for which the users want to *feel* [2] protected. It is=20
mindbogglingly easy to spoof an HTTPS site. Either with or without the=20=
impostor using a certificate. (Today, I can register=20
http://www.e-g0ld.com/ and obtain a matching certificate for $100. All=20=
the user will see is a lock icon and he thinks he is safely on=20
http://www.e-gold.com/.)
A large part of the problem obviously is the browser's user interface.=20=
The other part mainly concerns the use of CA certificates. Self-signed=20=
certificates only compound the problem by teaching the user bad habits.=20=
("Oh, if the browser asks a question, just click yes." Guess what:=20
people will now always click "YES" on certificate related questions,=20
whatever the question or warning is.)
Penetration? Even privacy-sensitive sites like, say,=20
http://www.cypherpunks.to/ do not utilize HTTPS by default. The=20
possibility of HTTPS access isn't even mentioned on the homepage. No=20
support for RFC 2817 and no transparent redirect either. You have to=20
manually change http: to https: for it to work.
Same for http://www.cryptorights.org/. When you manually go to the=20
HTTPS version you will note that they use a self-signed certificate=20
which:
a) requires user interaction and a user
knowing what she is doing;
b) erodes the value of security questions
(through teaching bad habits)
c) doesn't cache the key so subsequent
MITM attacks are not defended against.
Another sensitive site? How about HTTPS access to Google ... ?
SSH on the other hand succeeded in protecting network infrastructure=20
nearly transparently. It virtually replaced telnet in places where it=20
matters (and a whole lot where it doesn't). I don't have to change=20
addresses or port numbers. Open-source UNIXes have it enabled by=20
default. It completely redefined how X screens are remoted for the=20
(small?) set of users that are interested in that. Of course its=20
protocol isn't perfect and it certainly is vulnerable to the MITM on=20
the first connection. But I bet it offers more real protection than=20
HTTPS, as *presently* implemented, ever will. SSH is the closest thing=20=
to opportunistic encryption I know of.
I guess this is qualified agreement with Ian's statement that SSH is=20
the "only really successful net crypto system". I can only hope that=20
people will adopt the displacement ratio as a measure of success and=20
design their protocols (all the way up to the user interface)=20
accordingly.
Lifting and modifying a quote from Peter Gutmann's homepage:
"I think a lot of purists would rather have cryptographic protocols be=20=
useless to anyone in any practical terms than to have it made simple=20
enough to use, but potentially "flawed"."=A0-- with apologies to Chris=20=
Zimman.
-J
[1] One exception would be the subset of mail roughly corresponding to=20=
security advisories. There OpenPGP signatures are the norm.
[2] Airport "security" anyone?
--=20
Jeroen C. van Gelderen - jeroen@vangelderen.org
A single glass of beer was passed, from which I was the last
one to sip - a ritual signifying that I was not to be poisoned.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
