Re: ACTION-272: self-signed certificates

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Tue, 31 Jul 2007 02:30:47 +0100
Message-ID: <46AE90C7.7090601@cs.tcd.ie>
To: Serge Egelman <egelman@cs.cmu.edu>
CC: public-wsc-wg@w3.org


Ok. Just for fun, about 50% of my new text below is pure
point-scoring:-)

I'm sure a well informed reader can separate the two
halves.

Serge Egelman wrote:
> 
> 
> Stephen Farrell wrote:
>> Serge,
>>
>> Serge Egelman wrote:
>>> We went over this.  The $20 GoDaddy example I cited before.  I
>>> registered a domain and purchased a certificate using PayPal, and it's
>>> all under Stephen's name.  
>> <neitherSeriousNorFlippantMockery>
>>
>> Same thing was done back in about 98 under Warwick Ford's name and
>> a number of times before and after. No big deal then. No big deal
>> now. Sorry if you thought that was cute.
>>
>> The issue of what to display is real. Your work there helps.
>>
>> Whether a cert costs $20, (or even real money like 20:-) is immaterial.
>> The fact that it is traceable is significant, and the non-zero cost
>> means that undirected attacks on that basis fail to scale. Directed
>> attacks where each attempt involves either the same server cert or
>> else a CA interaction can be noticed and hence the $20 or even $0
>> cert is accountable, at least as much as needs be.
> 
> Where is the accountability??  

Try committing a crime sometime. Accountability exists. But, there are
legitimate questions about the granularity at which monitoring is
effective, or even wise, given that most traffic isn't bad. Discussion
(in either direction) that ignores those legitimate issues is lacking.

> That's my question, and it's taken a
> flurry of emails, yet no one has answered it.  

I fail to notice the flurry.

> You claim that these
> certs are accountable, yet you can't say why (though freely admit that
> phishers could purchase them anonymously).  

I did say how they can be accountable. ("Why" isn't a real question and
such inaccuracy is unfortunate. I suggest a few seconds pause before
hitting "send" - a lesson I've learnt myself, though not well:-)

> There seems to be a huge
> disconnect here.

Between your style of argument and reality? :-)

>> However, I remain surprised that you keep on about this. Don't most
>> phishes depend, as you tell us over and over, on the passive indicator
>> being useless. Yet you suddenly prefer one such over another on
>> apparently no basis whatsoever. I don't get that.
> 
> That's still my position.  

Yet you won't say why. Go on, make a positive assertion - you may
be right, wrong or something else, but you'll be less predictable
at least:-)

> However, you're now talking about making more
> useless indicators and confusing the small number of users who actually
> do notice the original ones.  

You misread. The proposal in question doesn't discuss how to present
anything. All it discusses are the diffs between SSCs and other certs
under an assumption that what to do with non-SSCs is agreed already.
Commenting on what's written as opposed to what you think it says would
be better.

> Again, how many attacks have you seen that
> use SSCs?

I've no stats there. Would welcome some.

> 
>> </neitherSeriousNorFlippantMockery>
>>
>>> Nothing is linked back to me, there is zero
>>> accountability (BTW: Johnathan said that he'd pull the root if this
>>> were the case, though I doubt that's happened).  
>> You think paypal is anonymous? Hmm...
> 
> No, that wasn't my point.  

Good.

> My point is that PayPal accounts are
> frequently stolen.  I can hop on IRC and buy one for a few dollars (same
> with credit card numbers).  If I were seriously doing this as a phisher,
> there would be no chance of tracing it back to me.  

I guess you assume that on the basis that the crime isn't that
serious? In fact, you could be held to account since most Internet
interactions these days are traceable one way or another. So you
have an unstated assumption that tracing won't happen due to
the volume of legitimate traffic that hides your putative
malfeasance.

> Hence, no
> accountability.  If you're saying that the system relies on the
> accountability of the payment service, then that's a major fallacy.

Ok. So, your use of my name is meaningless since you are, in fact,
not a criminal. Good that you admit it to be a worthless stunt and
hence not a basis for further argument.

> Sure, PayPal or the bank could notify the CA that a stolen account was
> used to buy the CA, but I doubt they currently do that.  And if they
> did, it certainly isn't going to happen in a matter of hours from the
> time of the purchase.  It'll probably happen outside of the 24 hour
> window that most phishing sites currently exist for.

Can you cite references there? Would SWIFT monitoring be a counter
example?

>>> If I were a phisher, and
>>> this scheme worked (let's pretend that users will notice, understand,
>>> and obey the SSC indicators---which we currently know to not be the
>>> case), I'd start dropping $20 for each site to get a real CA-signed
>>> certificate.
>>>
>>> The current figures state that phishers make anywhere from $250-1000
>>> per victim.  Dropping $20 really isn't a big deal.  Hell, dropping
>>> $500 on an EV cert may be worth it, if we can ever come up with useful
>>> indicators, but that's a different matter...
>>>
>>> I really think that we should just classify non-EV and SSC
>>> certificates as the same thing: only useful for encryption.  We show
>>> an encryption indicator, which will only be noticed by the tech-savvy
>>> users anyway. 
>> On what basis do you think that EV certs are better? (Serious question.)
>>
>> Didn't you notice the thread where we saw that they need the browser
>> code to know the funny handshake? (As was the case before with
>> server-gated crypto. It's a fine, but ultimately silly distinction.)
> 
> Honestly?  I don't think EV is any better.  

Me neither. So let's not pretend, eh?

> But that's another battle.
> It's a higher burden, which phishers aren't going to attempt as long as
> picture-in-picture attacks are successful, as long as users don't notice
> passive indicators, and as long as you can accomplish the same thing for
> a fraction of the price.

None of which are included in the set of PKI related fallacies that
you continually seem to enjoy exhuming.

S.

PS: Some pure point-scoring is entirely valid argument. Maybe 90%
of the above:-)
Received on Tuesday, 31 July 2007 01:29:02 GMT
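The thread keeps returning to "the diffs between SSCs and other certs", so here is what that difference is at the X.509 level, as an added example that is not code from the thread, from either author, or from the working group. The Go program below (the CA name, server name, serial numbers and keys are all constructed for the demo) builds a self-signed CA root, a server certificate issued by that CA, a self-signed server certificate, and a fourth certificate that merely looks self-signed, then classifies each. The point a practitioner wants: a matching issuer and subject name is not by itself evidence of self-signing, because anyone can write the same name into both fields; the signature has to verify under the key the certificate itself carries. It also notes a Go-specific trap: `CheckSignatureFrom(c)` enforces CA constraints on the parent, so it rejects ordinary self-signed server certificates and is the wrong call for this check.

```go
// Added example, not code from the thread: classify a certificate as
// self-signed or issued by another key, and show why a matching
// issuer/subject name alone is not evidence of either.
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Kind is how a certificate's signature relates to the key it carries.
type Kind string

const (
	SelfSigned    Kind = "self-signed"     // issuer == subject, and its own key verifies the signature
	IssuedByOther Kind = "issued-by-other" // issuer != subject: some other key (a CA's, or anyone's) signed it
	Malformed     Kind = "malformed"       // issuer == subject, but the embedded key does not verify the signature
)

// Classify applies both checks. The name comparison alone is not enough:
// anyone can write the same name into both fields, so the signature must
// actually verify under the certificate's own public key.
func Classify(c *x509.Certificate) Kind {
	if !bytes.Equal(c.RawIssuer, c.RawSubject) {
		return IssuedByOther
	}
	// CheckSignature verifies with c's own key. CheckSignatureFrom(c) is the
	// wrong call here: it also enforces CA basic constraints on the parent,
	// so an ordinary self-signed server certificate would be rejected.
	if err := c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature); err != nil {
		return Malformed
	}
	return SelfSigned
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// newTemplate builds a minimal certificate template; the names are made up.
func newTemplate(cn string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
	}
	return t
}

// issue signs tmpl with signer, naming parent as issuer, and parses the result.
// Passing tmpl itself as parent produces a self-signed certificate.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// Demo builds four constructed certificates and classifies each:
//   root:    a self-signed CA certificate
//   issued:  a server certificate signed by that CA
//   ssc:     a self-signed server certificate (the SSC case in the thread)
//   spoofed: issuer == subject, but signed by the CA key while carrying the
//            server key, i.e. it merely looks self-signed
func Demo() (root, issued, ssc, spoofed Kind) {
	caKey, srvKey := newKey(), newKey()

	caTmpl := newTemplate("Example Test CA", 1, true)
	caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)

	issuedCert := issue(newTemplate("www.example.test", 2, false), caCert, &srvKey.PublicKey, caKey)

	sscTmpl := newTemplate("www.example.test", 3, false)
	sscCert := issue(sscTmpl, sscTmpl, &srvKey.PublicKey, srvKey)

	spoofTmpl := newTemplate("www.example.test", 4, false)
	spoofCert := issue(spoofTmpl, spoofTmpl, &srvKey.PublicKey, caKey)

	return Classify(caCert), Classify(issuedCert), Classify(sscCert), Classify(spoofCert)
}

func main() {
	root, issued, ssc, spoofed := Demo()
	fmt.Printf("root=%s issued=%s ssc=%s spoofed=%s\n", root, issued, ssc, spoofed)
}
```

Note that `Classify` says nothing about trust: "issued-by-other" only means some other key signed the certificate, which covers a commercial CA, a private CA, or a phisher's own throwaway root. Whether that signer is trusted is a separate chain-building step against a root store, and whether a user can tell the two cases apart is exactly the indicator question the thread is arguing about.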