Eddy Nigg (StartCom Ltd.) wrote: > We aren't talking here about a possible gain in material only (money, > credit cards), but also eavesdropping and acquiring information. > Breached privacy is a *LOSS* for the relying party and LOST trust in the > software upon which the relying party relies, which can't be measured by > a financial gain (profit) only.
I understand what you're saying, but in the end we have to weight security risks in some way, and using an economic analysis is IMO a reasonable way to do that. To say that you can't put a price on something is in essence to stop discussion and foreclose analysis. We implicitly put a price on stuff like breached privacy and lost trust all the time, by saying that certain measures to protect privacy and maintain trust are worth the investment and others are not. If privacy and trust were truly priceless then we would be obligated to spend as much money as possible to protect them, to the exclusion of any other considerations. > Frank, first of all your argument is lame, because you are talking about > the eventual price of such an attack and apparently you seem to agree > that this attack vector is real and an MITM possible. Is it a conceivable attack? Yes. Is it a likely attack? It's hard to tell; it's not one that to my knowledge has ever been encountered. But IMO if this attack ever does occur with measurable frequency and become a serious threat in actuality (not just in theory) it will be because it is profitable for someone. That's why I feel justified in looking at this from an economic point of view. But I would note that to the extent that "this attack vector is real and an MITM possible", this is the case for any DV certs, even 1-year certs. > It's just a > question of price and time. Nor is any expected profit anything you can > judge. Strictly speaking I don't need to judge the profit; I just need to judge the probability and the cost. My point is that as the cert lifetime grows longer, the probability of an attack (and thus any expected economic gain from it) increases along with it, but the cost of an attack increases roughly in proportion, since the attacker would need to purchase more expensive certs. This implies that the expected profit in both cases is roughly the same, independent of what that actual profit number happens to be. > But seriously! I've never read in any CPS anywhere that the price of a > domain name (and a certificate for that matter) is a measure applied by > a CA. You're correct, the price of a certificate has nothing to do with the function of a CA and how it goes about its business. However the price of a cert is quite relevant to the analysis of potential attacks. To use an extreme example, if obtaining an SSL cert cost at least $100,000 then there probably wouldn't be many attacks in real-life involving attackers purchasing certs. They'd find cheaper ways to attack systems. > Very obviously, a domain name can literally not be used again for any > serious purpose if there is the potential of a valid and legitimate > certificate in the hands of a previous owner (and potential attacker). > Please read this sentence twice, three times load ;-) I have indeed read it, now please read this in return :-) As long as domain names can be re-registered to different owners, there is always this potential to some degree. It doesn't matter whether the cert lifetime is 10 years, 1 year, or 1 week. If I purchase a domain name today, it's possible that someone registered this domain a few days ago, got a cert for it, returned the domain name for a refund, and is now ready to attack. Thus if we take your statement literally then the implication is that we should never use a DV cert with any domain whatsoever, period, full stop. > It has nothing to do with economics, but a lot to do with the knowledge > that when I visit a web site with Firefox which has a legitimate > certificate, that the site I'm visiting belongs to the right guy. This > is what DV certs are all about, this is what they guaranty and this is > the lowest barrier and condition of the Mozilla CA policy. And I'm telling you that if we take your argument at face value then there is no absolute guarantee, because this attack is theoretically possible for any cert lifetime longer than a day or so. So we have to fall back on judging relative risk, and that is what I've been trying to do in my analysis. Frank _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
