I'm changing the subject of this thread to a more meaningful one.

Michael Vincent van Rantwijk, MultiZilla wrote:
> Nelson B wrote:

>> Most users of cryptography (all forms, not just https or SSL) mistakenly
>> assume that "encrypted" means that no one but the intended recipient can
>> read the traffic in the clear.  (Many mozilla developers even make that
>> mistaken assumption.)  But we know that's simply not true for
>> unauthenticated encryption.
> 
> What is the key difference here?  Why can't you read authenticated
> encrypted data but unauthenticated encrypted data?
> 
> p.s. you are assuming that the server certificate is safe at all times,
> which it isn't.

The fact that the public key was authenticated to belong to the party
named in the certificate means that the party who performed that
authentication verified (among other things) that the party has the
private key corresponding to that public key.

Now, when I send my sensitive data to that party, that party could always
turn around and give my data to my enemies, put it on a road-side billboard,
or disseminate it in various ways of which I don't approve.
Having an authenticated certificate doesn't assure me that the party won't
do that.

The party could also give copies of his private key to my enemies, put it
on a road-side billboard, etc.  And after doing that, those others might
be able to intercept and decrypt the sensitive data that I send to that
party, just as if the party had given the sensitive data directly to them.
The two situations are effectively equivalent.  Having an authenticated
public key does not protect me from the actions of the authenticated
party.

But either way, for a party other than the authenticated party to be
able to read my sensitive data after I send it to the authenticated
party, requires the authenticated party to be duplicitous in the action
of disseminating my sensitive data (or his private keys), or that the
authenticated party have exercised insufficient care with his private
key, allowing it to be compromised.  In either case, the authorized
third party has behaved in a way unworthy of my confidence, and is
responsible for any loss due to misuse of my sensitive data.  I should
not be sending my sensitive data to him.

The use of an authenticated public key gives me assurances that my
vulnerability is limited to that authenticated party himself, and to
others with whom he may be duplicitous.  But it does not make me
invulnerable to that third party himself.

The PKI threat model provides me with assurances of communication with
a party that I have chosen to trust with my data.  It offers me little
reason to trust (or distrust) that authenticated party.  If that party
is untrustworthy then PKI neither helps me nor hinders me.

-- 
Nelson B

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
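The following is an added worked example and is not part of Nelson's message or of the thread: a toy model in Python of the three situations the message describes. It assumes a deliberately small Diffie-Hellman group (p = 2^127 - 1), SHA-256 in counter mode standing in for a stream cipher, a Schnorr-style signature standing in for the CA's certificate signature, the names Alice, Bob and Mallory, and a constructed sample plaintext; none of these come from the original, and the primitives are for illustration only, not for real use. Scenario one is the unauthenticated case from the quoted paragraph: Mallory swaps in her own key, reads the message, and re-encrypts it to Bob, so both ends see "encrypted" traffic and nobody notices. Scenario two shows the authentication check rejecting the swapped key. Scenario three shows that a perfectly valid certificate does nothing once Bob has handed his private key to Mallory, which is the point of the paragraphs about the authenticated party's own conduct.

```python
import hashlib
import hmac
import secrets

# Toy group: p = 2^127 - 1 is a Mersenne prime, so the arithmetic below is correct.
# Real systems use RFC 3526 MODP groups or elliptic curves; this is illustration only.
P = 2**127 - 1
G = 5
NBYTES = 16  # every group element fits in 16 bytes


def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _keystream(key, length):
    # SHA-256 in counter mode as a stand-in for a real stream cipher (toy only).
    blocks = [hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]

def encrypt_to(pub, plaintext):
    """Ephemeral-static DH: only a holder of the private key behind `pub` derives `key`."""
    e = secrets.randbelow(P - 2) + 1
    eph = pow(G, e, P).to_bytes(NBYTES, "big")
    key = hashlib.sha256(pow(pub, e, P).to_bytes(NBYTES, "big")).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, eph + ct, hashlib.sha256).digest()
    return eph, ct, tag

def decrypt_with(priv, msg):
    eph, ct, tag = msg
    shared = pow(int.from_bytes(eph, "big"), priv, P)
    key = hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()
    if not hmac.compare_digest(tag, hmac.new(key, eph + ct, hashlib.sha256).digest()):
        return None  # wrong private key (or tampered message)
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))

# Certificates: the CA signs (name, pubkey) with a Schnorr signature in the same group.
# Exponents are reduced mod p-1, which is sound by Fermat's little theorem.
def _challenge(R, body):
    h = hashlib.sha256(R.to_bytes(NBYTES, "big") + body).digest()
    return int.from_bytes(h, "big") % (P - 1)

def sign(priv, body):
    k = secrets.randbelow(P - 2) + 1
    R = pow(G, k, P)
    return R, (k + _challenge(R, body) * priv) % (P - 1)

def verify(pub, body, sig):
    R, s = sig
    return pow(G, s, P) == (R * pow(pub, _challenge(R, body), P)) % P

def _cert_body(name, pub):
    return name.encode() + b"|" + pub.to_bytes(NBYTES, "big")

def issue_cert(ca_priv, name, pub):
    return name, pub, sign(ca_priv, _cert_body(name, pub))

def authenticated_pubkey(name, cert, ca_pub):
    """Accept a key only if the CA vouched that it belongs to `name`; else None."""
    cert_name, pub, sig = cert
    return pub if cert_name == name and verify(ca_pub, _cert_body(cert_name, pub), sig) else None


SECRET = b"card number 4111 1111 1111 1111"  # constructed sample plaintext

def unauthenticated_exchange():
    """Alice encrypts to whatever key arrives as 'Bob's'. Mallory, on the path, swaps
    in her own, reads the message and re-encrypts it to Bob. Returns (mallory_read, bob_read)."""
    bob_priv, bob_pub = keygen()
    mal_priv, mal_pub = keygen()
    msg = encrypt_to(mal_pub, SECRET)  # Alice has no way to tell this is not Bob's key
    mallory_plain = decrypt_with(mal_priv, msg)
    bob_plain = decrypt_with(bob_priv, encrypt_to(bob_pub, mallory_plain))
    return mallory_plain == SECRET, bob_plain == SECRET

def authenticated_exchange():
    """Alice only encrypts to a key carrying a valid CA certificate for 'bob'.
    Returns (forged_cert_accepted, mallory_read, bob_read)."""
    ca_priv, ca_pub = keygen()
    bob_priv, bob_pub = keygen()
    mal_priv, mal_pub = keygen()
    bob_cert = issue_cert(ca_priv, "bob", bob_pub)
    forged = ("bob", mal_pub, bob_cert[2])  # Mallory pastes her key under the CA's signature
    forged_ok = authenticated_pubkey("bob", forged, ca_pub) is not None
    msg = encrypt_to(authenticated_pubkey("bob", bob_cert, ca_pub), SECRET)
    return forged_ok, decrypt_with(mal_priv, msg) == SECRET, decrypt_with(bob_priv, msg) == SECRET

def authenticated_but_key_shared():
    """As above, except Bob handed Mallory a copy of his private key. Alice's
    certificate check passes and cannot help her. Returns mallory_read."""
    ca_priv, ca_pub = keygen()
    bob_priv, bob_pub = keygen()
    bob_cert = issue_cert(ca_priv, "bob", bob_pub)
    msg = encrypt_to(authenticated_pubkey("bob", bob_cert, ca_pub), SECRET)
    return decrypt_with(bob_priv, msg) == SECRET  # Mallory decrypting with Bob's key
```

The tag check in decrypt_with is what makes the second scenario fail cleanly for Mallory: she never learns the shared secret, so her attempt returns None rather than garbage. In the first and third scenarios every check that Alice performs succeeds, and the only difference between them is whether the key she encrypted to was the one the CA vouched for; in neither case does the cryptography stop the holder of the matching private key, whoever that turns out to be, from reading the message.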