- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 28 Mar 2012 09:53:35 +0200
- To: Willy Tarreau <w@1wt.eu>
- Cc: Martin Thomson <martin.thomson@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
On 28 Mar 2012, at 08:40, Willy Tarreau wrote:

> Hi,
>
> On Wed, Mar 28, 2012 at 08:06:35AM +0200, Henry Story wrote:
>> For example if I am reading a blog from an author I trust and he writes
>> a review of his good experience shopping in some small company, a story I heard
>> perhaps through other channels and have every reason to trust, and I
>> click on the link to go to that site, but a man in the middle attacker
>> has replaced the link to the site he was writing about with a link to his
>> proxy (in order to take the money sent to the payment links he controls),
>> then it will be very easy to fool me.
>
> I'm totally amazed by the fact that :
> a) people consider that the web is only *web pages* risking of being
> mangled by man-in-the-middle attacks, but don't consider all the
> other components that represent zero value but need to be quickly
> delivered. Eg: off-site components such as visitor counters which
> nobody cares about but which should be very fast, or ads for which the
> ads providers don't necessarily want to inflate their infrastructure
> costs.
>
> b) we're keeping focused on the risk of having a blog page modified by
> an MITM while the *only* real issue right now (I mean what makes people
> *lose money* in the real world) is malware running in browsers and
> taking away all of their information or even acting as themselves on
> secure web sites. What's the point of securing blogs when connecting
> to banks over TLS is already unsafe ?

That is the equivalent of the famous skeptical argument against the possibility of any knowledge in philosophy.
The skeptic argues: given that you cannot distinguish your current situation from the way the world would seem to be had you been kidnapped at night by aliens from Alpha Centauri, who had connected your brain to a highly evolved computer designed to feed you the sense impressions you are having as you walk to a shop, which you would be falsely thinking you were walking to, where you would in fact just be dreaming you were - given that you can never distinguish your situation from that one, it follows that you cannot know at all. So argues the skeptic.

The parallel with your argument is clear. Substitute computer for brain, and malware for Alpha Centaurians, and the argument becomes: since the bank can never distinguish between someone who is malware infested from someone who is not, why should they bother with security at all?

The answer in knowledge that Robert Nozick put forward is that knowledge is a modal concept, and that it does not follow from the statement that you don't know you are not a brain in the vat, that you don't know everyday statements. Knowledge is tracking the truth in the closest possible worlds, not in the most far-fetched ones.

Of course if Alpha Centaurians became a reality, then things would start getting hairy. So your argument is stronger, since you argue that a lot of computers are malware infested. Of course there the thing to do is for banks to add other methods of verification or notification, not to reduce security in connection and other places.

I.e., the solution is not to give up on knowledge in the traditional skeptical case, or in your case on TLS, but to work on methods for reducing malware infested computers. And it could be that having TLS connections that mean that when I read my friend's blog his links don't get changed to point me to a malware infested site will help me avoid the malware too.
Security is an enterprise where one has to push back on many fronts simultaneously: better connection security, better operating systems, better education of users, reduction of the need for password usage (since people mostly use the same), use of platforms like Java correctly so that they limit access to resources on the OS, and limit connections, more attention in browser technologies to security, better warning systems, neighbourhood watch, avoidance of porn sites, ...

>
> We'll just lower the overall security by applying the same security
> enforcement to all sites. Connecting to your bank or to your WiFi
> router's admin page will look equally safe.

Ah it is the "look" of security that is worrying you? Going to a bank should "look" more secure than your router's admin page? But your router admin page should be just as secure as the bank if possible, since that is another vector of attack.

> I don't think this is the
> intent of this move, really.
>
> Willy
>

Social Web Architect
http://bblfish.net/
Received on Wednesday, 28 March 2012 07:54:19 UTC