Florian Weimer wrote, On 2008-12-30 13:04:
> * Michael Ströder:
>
>> Florian Weimer wrote:
>>> Even if you've got the certificate, you need to attack IP routing or
>>> DNS. If you can do that, chances are that you can mount this attack
>>> against one of the domain-validating RAs, and still receive a
>>> certificate. So the browser PKI is currently irrelevant for practical
>>> purposes (beyond CA revenues and giving users a warm, fuzzy feeling),
>>> even if everybody follows established RA procedures.
>> Oh Florian, come on! You know the MITM techniques within a LAN very
>> well.
>
> BCP 38 requires that active MITM attacks don't work on LANs.

Surely you don't really think that's much of a deterrent to attackers?!

> LANs which violate that and are under attack are typically not very usable:

If an attacker wants his attack to be effective, he will be sure that it
does not render the LAN unusable.

> Search engines block you due to automated queries, DHCP and DNS
> deliver data which is not 100% accurate (with unknown consequences),
> you receive even more web ads than usual, rogue PPPoE servers sniff
> your credentials, and so on.

Consider the increasingly common case of the "free" wireless access point
set up for the express purpose of MITMing all those who would use it.
Consider the phenomenon of "phorm". Most ordinary users never even notice
that they're under attack unless the attacker does a really poor job of it
(e.g. bug 460374).

> In short, I don't think this is the use case to optimize for.

This is the use case that sets SSL apart from other lesser crypto schemes
that do weak/no authentication.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto