I'm changing the subject of this thread to a more meaningful one.

Michael Vincent van Rantwijk, MultiZilla wrote:
> Nelson B wrote:
>> Most users of cryptography (all forms, not just https or SSL) mistakenly
>> assume that "encrypted" means that no one but the intended recipient can
>> read the traffic in the clear. (Many mozilla developers even make that
>> mistaken assumption.) But we know that's simply not true for
>> unauthenticated encryption.
>
> What is the key difference here? Why can't you read authenticated
> encrypted data but unauthenticated encrypted data?
>
> p.s. you are assuming that the server certificate is safe at all times,
> which it isn't.

The fact that the public key was authenticated to belong to the party named in the certificate means that the party who performed that authentication verified (among other things) that the party has the private key corresponding to that public key.

Now, when I send my sensitive data to that party, that party could always turn around and give my data to my enemies, put it on a road-side billboard, or disseminate it in various ways of which I don't approve. Having an authenticated certificate doesn't assure me that the party won't do that.

The party could also give copies of his private key to my enemies, put it on a road-side billboard, etc. And after doing that, those others might be able to intercept and decrypt the sensitive data that I send to that party, just as if the party had given the sensitive data directly to them. The two situations are effectively equivalent. Having an authenticated public key does not protect me from the actions of the authenticated party.

But either way, for a party other than the authenticated party to be able to read my sensitive data after I send it to the authenticated party requires the authenticated party to be duplicitous in the action of disseminating my sensitive data (or his private keys), or that the authenticated party have exercised insufficient care with his private key, allowing it to be compromised.
In either case, the authorized third party has behaved in a way unworthy of my confidence, and is responsible for any loss due to misuse of my sensitive data. I should not be sending my sensitive data to him. The use of an authenticated public key gives me assurances that my vulnerability is limited to that authenticated party himself, and to others with whom he may be duplicitous. But it does not make me invulnerable to that third party himself.

The PKI threat model provides me with assurances of communication with a party that I have chosen to trust with my data. It offers me little reason to trust (or distrust) that authenticated party. If that party is untrustworthy then PKI neither helps me nor hinders me.

-- 
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
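The three situations Nelson describes, as an added example that is not part of the thread and not NSS or Mozilla code. It models Alice talking to Bob over a Diffie-Hellman exchange with Mallory sitting in the middle, and runs the exchange three ways: with no authentication (Mallory substitutes her own key and reads everything, and neither end notices); with Bob signing his ephemeral value under a long-term key that Alice already trusts (the role a certificate plays), which Mallory cannot forge, so Alice aborts; and with Bob having handed that long-term private key to Mallory, which Alice's verification cannot distinguish from Bob himself. The DH group (2**255 - 19 with generator 2), the textbook RSA built from two Mersenne primes, the XOR-with-SHA-256 "cipher", and every name in it are assumptions for illustration only, not anything a real protocol should use.

```python
"""Toy model of unauthenticated vs. authenticated key exchange under a
man-in-the-middle, and of what authentication does not protect against.
All parameters and primitives are toys chosen for illustration (assumption)."""
import hashlib
import secrets

P = 2**255 - 19          # toy DH prime; not a vetted group (assumption)
G = 2

# Bob's long-term toy RSA key from two Mersenne primes (assumption, not real sizes).
_p, _q = 2**127 - 1, 2**89 - 1
N = _p * _q
E = 65537
D = pow(E, -1, (_p - 1) * (_q - 1))
BOB_PUBLIC = (N, E)      # what Alice's "certificate" for Bob vouches for
BOB_PRIVATE = (N, D)     # what Bob is supposed to keep to himself


def dh_keypair():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv, peer_pub):
    return pow(peer_pub, priv, P)


def _hash_to_int(msg_int):
    digest = hashlib.sha256(str(msg_int).encode()).digest()
    return int.from_bytes(digest, "big") % N


def rsa_sign(priv, msg_int):
    n, d = priv
    return pow(_hash_to_int(msg_int), d, n)


def rsa_verify(pub, msg_int, sig):
    n, e = pub
    return pow(sig, e, n) == _hash_to_int(msg_int)


def xor_stream(shared, data):
    """Toy symmetric cipher keyed from the DH secret: XOR with SHA-256 blocks."""
    key = shared.to_bytes(32, "big")
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def handshake(authenticated, mallory_has_bob_key, secret=b"account 1234, PIN 9876"):
    """Alice sends `secret` to Bob with Mallory in the middle.
    Returns whether Alice aborted and what Mallory and Bob each recovered."""
    b_priv, b_pub = dh_keypair()                     # Bob's ephemeral key
    b_sig = rsa_sign(BOB_PRIVATE, b_pub) if authenticated else None

    # Mallory intercepts Bob's message and substitutes her own ephemeral key.
    m_priv, m_pub = dh_keypair()
    if authenticated and mallory_has_bob_key:
        sig_to_alice = rsa_sign(BOB_PRIVATE, m_pub)  # Bob gave his key away
    else:
        sig_to_alice = b_sig                         # cannot forge; relay as is

    # Alice checks the signature against the public key she trusts for Bob.
    if authenticated and not rsa_verify(BOB_PUBLIC, m_pub, sig_to_alice):
        return {"aborted": True, "mallory_read": None, "bob_read": None}
    a_priv, a_pub = dh_keypair()
    ct_from_alice = xor_stream(dh_shared(a_priv, m_pub), secret)

    # Mallory decrypts with the key she agreed with Alice, re-encrypts to Bob.
    mallory_read = xor_stream(dh_shared(m_priv, a_pub), ct_from_alice)
    m2_priv, m2_pub = dh_keypair()
    ct_to_bob = xor_stream(dh_shared(m2_priv, b_pub), mallory_read)

    # Bob decrypts cleanly and sees nothing wrong.
    bob_read = xor_stream(dh_shared(b_priv, m2_pub), ct_to_bob)
    return {"aborted": False, "mallory_read": mallory_read, "bob_read": bob_read}


if __name__ == "__main__":
    for label, auth, leak in [("unauthenticated", False, False),
                              ("authenticated", True, False),
                              ("authenticated, Bob leaked his key", True, True)]:
        print(label, handshake(auth, leak))
```

The second run is the only one in which the PKI step does any work: Alice rejects a public value that the key she trusts did not sign. The third run is the point of the message above: once the authenticated party has handed his private key to someone else, the verification passes exactly as it would for Bob, and Alice's only protection was her choice of whom to trust.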