W3C home > Mailing lists > Public > public-wsc-wg@w3.org > July 2007

Re: ACTION-272: self-signed certificates

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Mon, 30 Jul 2007 20:57:58 -0400
Message-ID: <46AE8916.6070802@cs.cmu.edu>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
CC: public-wsc-wg@w3.org

Stephen Farrell wrote:
> Serge,
> Serge Egelman wrote:
>> We went over this.  The $20 GoDaddy example I cited before.  I
>> registered a domain and purchased a certificate using PayPal, and it's
>> all under Stephen's name.  
> <neitherSeriousNorFlippantMockery>
> Same thing was done back in about 98 under Warwick Ford's name and
> a number of times before and after. No big deal then. No big deal
> now. Sorry if you thought that was cute.
> The issue of what to display is real. Your work there helps.
> Whether a cert costs $20, (or even real money like 20:-) is immaterial.
> The fact that it is traceable is significant, and the non-zero cost
> means that undirectected attacks on that basis fail to scale. Directed
> attacks where each attempt involves either the same server cert or
> else a CA interaction can be noticed and hence the $20 or even $0
> cert is accountable, at least as much as needs be.

Where is the accountability??  That's my question, and it's taken a
flurry of emails, yet no one has answered it.  You claim that these
certs are accountable, yet you can't say why (though freely admit that
phishers could purchase them anonymously).  There seems to be a huge
disconnect here.

> However, I remain surprised that you keep on about this. Don't most
> phishes depend, as you tell us over and over, on the passive indicator
> being useless. Yet you suddenly prefer one such over another on
> apparently no basis whatsoever. I don't get that.

That's still my position.  However, you're now talking about making more
useless indicators and confusing the small number of users who actually
do notice the original ones.  Again, how many attacks have you seen that
use SSCs?

> </neitherSeriousNorFlippantMockery>
>> Nothing is linked back to me, there is zero
>> accountability (BTW: Johnathan said that he'd pull the root if this
>> were the case, though I doubt that's happened).  
> You think paypal is anonymous? Hmm...

No, that wasn't my point.  My point is that PayPal accounts are
frequently stolen.  I can hop on IRC and buy one for a few dollars (same
with credit card numbers).  If I were seriously doing this as a phisher,
there would be no chance of tracing it back to me.  Hence, no
accountability.  If you're saying that the system relies on the
accountability of the payment service, then that's a major fallacy.

Sure, PayPal or the bank could notify the CA that a stolen account was
used to buy the CA, but I doubt they currently do that.  And if they
did, it certainly isn't going to happen in a matter of hours from the
time of the purchase.  It'll probably happen outside of the 24 hour
window that most phishing sites currently exist for.

>> If I were a phisher, and
>> this scheme worked (let's pretend that user's will notice, understand,
>> and obey the SSC indicators---which we currently know to not be the
>> case), I'd start dropping $20 for each site to get a real CA-signed
>> certificate.
>> The current figures state that phishers make anywhere from $250-1000
>> per victim.  Dropping $20 really isn't a big deal.  Hell, dropping
>> $500 on an EV cert may be worth it, if we can ever come up with useful
>> indicators, but that's a different matter...
>> I really think that we should just classify non-EV and SSC
>> certificates as the same thing: only useful for encryption.  We show
>> an encryption indicator, which will only be noticed by the tech-savvy
>> users anyway. 
> On what basis do you think that EV certs are better? (Serious question.)
> Didn't you notice the thread where we saw that they need the browser
> code to know  the funny handshake? (As was the case before with
> server-gated crypto. Its a fine, but ultimately silly distinction.)

Honestly?  I don't think EV is any better.  But that's another battle.
It's a higher burden, which phishers aren't going to attempt as long as
picture-in-picture attacks are successful, as long as users don't notice
passive indicators, and as long as you can accomplish the same thing for
a fraction of the price.


>> And then we primarily focus on consistency.
> There you do have a point. As with user attention.
> But you are off base in terms of PKI.
> S.

Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
Received on Tuesday, 31 July 2007 00:58:13 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:17 UTC