OK, Frank, not going to run in circles here...just a few short replies....last try....
Frank Hecker: > I understand what you're saying, but in the end we have to weight > security risks in some way, and using an economic analysis is IMO a > reasonable way to do that. To say that you can't put a price on > something is in essence to stop discussion and foreclose analysis. We > implicitly put a price on stuff like breached privacy and lost trust all > the time, by saying that certain measures to protect privacy and > maintain trust are worth the investment and others are not. If privacy > and trust were truly priceless then we would be obligated to spend as > much money as possible to protect them, to the exclusion of any other > considerations. > Yes, yes and yes, everything should be *reasonable*! > >> Frank, first of all your argument is lame, because you are talking about >> the eventual price of such an attack and apparently you seem to agree >> that this attack vector is real and an MITM possible. >> > > Is it a conceivable attack? Yes. Is it a likely attack? I'm not sure, but it's a threat which exist for a very long time in this case. This is my problem here. The threat doesn't diminish after a *reasonable* amount of time. The same you might ask about MITM attacks in general. I can't point to any I know about, but we know it's possible and that's why we are all here. > But I would note that to the extent that "this attack vector is real and > an MITM possible", this is the case for any DV certs, even 1-year certs. > Yes, but the threat declines after one year. This is a *reasonable* amount of time and something controllable to some extend. > Strictly speaking I don't need to judge the profit; I just need to judge > the probability and the cost. My point is that as the cert lifetime > grows longer, the probability of an attack (and thus any expected > economic gain from it) increases along with it, but the cost of an > attack increases roughly in proportion, since the attacker would need to > purchase more expensive certs. Until a CA decides to issues such certificate for said period without an increase in price - and than what? Which risk assessment is now correct? > You're correct, the price of a certificate has nothing to do with the > function of a CA and how it goes about its business. However the price > of a cert is quite relevant to the analysis of potential attacks. To use > an extreme example, if obtaining an SSL cert cost at least $100,000 then > there probably wouldn't be many attacks in real-life involving attackers > purchasing certs. They'd find cheaper ways to attack systems. > LOL Yes you are right in this respect and I wouldn't worry that much about the lifetime of such a certificate :-) > >> Very obviously, a domain name can literally not be used again for any >> serious purpose if there is the potential of a valid and legitimate >> certificate in the hands of a previous owner (and potential attacker). >> Please read this sentence twice, three times load ;-) >> > > I have indeed read it, now please read this in return :-) As long as > domain names can be re-registered to different owners, there is always > this potential to some degree. It doesn't matter whether the cert > lifetime is 10 years, 1 year, or 1 week. If I purchase a domain name > today, it's possible that someone registered this domain a few days ago, > got a cert for it, returned the domain name for a refund, and is now > ready to attack. Thus if we take your statement literally then the > implication is that we should never use a DV cert with any domain > whatsoever, period, full stop. > Yes Frank you are right, but I have the feeling that I'm failing to bring the correct message over to you... A threat for the period of one week is something one can take into consideration and handle. Even the period of one year of such a threat might be *reasonable*. But the same thread for ten years is not. Me, as the new domain name owner, can circumvent and plan accordingly if such certs are limited to a *reasonable* validity. I can't handle ten years. > > And I'm telling you that if we take your argument at face value then > there is no absolute guarantee, because this attack is theoretically > possible for any cert lifetime longer than a day or so. So we have to > fall back on judging relative risk, and that is what I've been trying to > do in my analysis. > > Yes, we agree on that completely. That's why I'm asking for something which is *reasonable*. Ten years of domain validated certs are not *reasonable*. -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
