Nelson B wrote:
> Jeremy Morton wrote:
>> Nelson B wrote:
>>> Jeremy Morton wrote:
>>>> Re: bugzilla bug #383183 comment #52:
>>>>
>>>> So just to confirm, you're saying that there is no difference in 
>>>> security between submitting a username/password via HTTP and via HTTPS 
>>>> with a self-signed SSL cert?
>>> http is vulnerable to passive attack ("sniffers").
>>> https with self-signed certs is not vulnerable to passive attack.
>>> That is the only essential difference.
>>> Both are vulnerable to active attack.
>>> Both are *trivially* attacked by MITM attackers.
>> Right, I realise all of that.
>>
>> I guess my question is whether you have any reliable statistics as to 
>> what kind of number of passive attackers there are out there vs active 
>> attackers.  Are there literally virtually no passive attackers?  If so, 
>> not distinguishing HTTPS w/ self-signed in the chrome would make sense. 
>>   However if there are a significant number, that 'essential difference' 
>> is still important, no?
> 
> No.
> 
> The vast majority of attacks today are active.  One of the few types of
> places where passive snooping opportunities still exist is at WiFi hot spots.
> 
> 15 years ago, Ethernet networks (the most common kind in corporate settings)
> all used "hubs" (technically: multi-port repeaters) that retransmitted all
> packets on the network to all systems connected to the network.  Sniffing
> was rampant in those days.  But today, nearly all "hubs" have been replaced
> by switches, which selectively route packets based on IEEE 802 MAC addresses
> to their next hop, and most systems with Ethernet connections see only
> their own traffic and true broadcast packets.  Unicast packets just aren't
> sniffable in most Ethernets today.  Yes, some switches can be programmed to
> copy all traffic to a single port for sniffing purposes, but that's an
> active attack - it requires control of a network node.
> 
> Most users of cryptography (all forms, not just https or SSL) mistakenly
> assume that "encrypted" means that no one but the intended recipient can
> read the traffic in the clear.  (Many mozilla developers even make that
> mistaken assumption.)  But we know that's simply not true for
> unauthenticated encryption.

What is the key difference here?  Why can't you read authenticated 
encrypted data but can read unauthenticated encrypted data?

p.s. you are assuming that the server certificate is safe at all times, 
which it isn't.

-- 
Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
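
The distinction asked about above, as an added example that is not part of the original thread: a toy unauthenticated Diffie-Hellman exchange in which a passive observer cannot derive the session key, an intermediary who substitutes the server's public value ends up sharing the client's key, and a check against a trusted fingerprint rejects that substitution. The group parameters, the function names and the `trusted_fp` stand-in for what a CA-verified certificate provides are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (not a secure parameter choice).
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def client_connect(received_pub, trusted_fp=None):
    """Client side of the exchange.

    trusted_fp (hypothetical) models an identity the client can verify
    independently of the network path. With None, any key is accepted,
    which is the self-signed / unauthenticated case.
    """
    if trusted_fp is not None and fingerprint(received_pub) != trusted_fp:
        raise ValueError("server key does not match trusted identity")
    priv, pub = keypair()
    return pub, session_key(priv, received_pub)

def demo():
    srv_priv, srv_pub = keypair()
    # Passive observer: sees only srv_pub and cli_pub on the wire, holds
    # neither private value. Client and server still agree on a key.
    cli_pub, cli_key = client_connect(srv_pub)
    passive_ok = cli_key == session_key(srv_priv, cli_pub)
    # Active intermediary: its own public value arrives in place of the
    # server's. The unauthenticated client accepts it and now shares a
    # key with the intermediary, so "encrypted" no longer means private.
    mid_priv, mid_pub = keypair()
    cli_pub2, cli_key2 = client_connect(mid_pub)
    intermediary_shares_key = cli_key2 == session_key(mid_priv, cli_pub2)
    # Authenticated client: the same substitution is rejected.
    try:
        client_connect(mid_pub, trusted_fp=fingerprint(srv_pub))
        substitution_detected = False
    except ValueError:
        substitution_detected = True
    return passive_ok, intermediary_shares_key, substitution_detected
```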