On Thu, 30 May 2002, Ian Grigg wrote: [...]
And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to commit a fraud (at least, no recorded ones).
Change the analysis to small merchants, and it is even worse (of course Amazon will have a cert, so even its rich bounty is unavailable, you have to do this on small merchants).
So, how do we make Veri$ign richer? Easy, switch browsers to accepting self-signed certs. To see this, we have to have tried or heard about small enterprises who have tried to set up their SSL certs. [...]
If MITM attacks are so hard that you don't consider them a threat, why bother with SSL at all? SSL provides two things:

* A certificate chain that demonstrates who you're talking to
* Secrecy and message integrity between you and the person you're talking to

You remove the first benefit by using self-signed certs. The second one is still nice, but if you're worried about me *watching* your traffic, shouldn't you also be worried about me intercepting your DNS lookup and replacing the response with my own IP? If we all use self-signed certs, you'll never be the wiser.

Yes, the attack you describe where I get the root nameservers to redirect *all* amazon.com traffic to me is hard. And it can be pretty tough to watch and modify an individual user's traffic. But it's not nearly as tough as breaking the crypto behind SSL. If we use it right, that security extends to the domain I type into my browser. If we don't, we reduce it to the hardness of manipulating the wire.

I certainly agree that merchants need to use better security on the server end. But that's orthogonal to the SSL issue.

-J
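The difference between the two client policies discussed in this exchange, as an added example that is not part of the original messages: a client that requires a chain to a trusted root rejects a self-signed certificate carrying the merchant's name, while a client that accepts self-signed certificates cannot tell it from the genuine one. The hostname `shop.example`, the constructed root CA and the `strict`/`lenient` policy functions are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a certificate for name; a nil parent yields a self-signed one.
func issue(name string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// strict: the chain must end at a trusted root and the name must match.
func strict(c *x509.Certificate, roots *x509.CertPool, host string) bool {
	_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// lenient models a client that accepts self-signed certs: only the name is checked.
func lenient(c *x509.Certificate, host string) bool { return c.VerifyHostname(host) == nil }

// demo returns (genuine strict, impostor strict, genuine lenient, impostor lenient).
func demo() (bool, bool, bool, bool) {
	const host = "shop.example" // constructed hostname
	ca, caKey := issue("Constructed Root CA", 1, true, nil, nil)
	genuine, _ := issue(host, 2, false, ca, caKey)
	impostor, _ := issue(host, 3, false, nil, nil) // self-signed, same name
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return strict(genuine, roots, host), strict(impostor, roots, host), lenient(genuine, host), lenient(impostor, host)
}
func main() { fmt.Println(demo()) }
```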