Maybe It's Snake Oil All the Way Down
James A. Donald
jamesd at echeque.com
Sat Jun 7 12:43:39 PDT 2003
James A. Donald:
> > Suppose the e-gold, to prevent this sea of spam trying to
> > get people to login to fake e-gold sites, wanted people to
> > use public keys instead of shared secrets, making your
> > secret key the instrument that controls the account instead
> > of your shared password.
> >
> > They could not do this using the standard IE webbrowser.
> > They would have to get users to download a custom client,
> > or at least, like hushmail, a custom control inside IE.
Anonymous:
> Why do you say that? You were already given pointers to how
> they could configure their web servers to use certificate
> based client authentication.
That is a solution to a completely different problem. Using
that method the administrator would have to set up each client,
which is impractically expensive and inconvenient unless
administrator and customer meet personally and their computers
are in the same office.
The point is that the customer should be able to set himself
up, as he does on e-gold, hotmail, hushmail, etc, and that if
subsequently he is fooled into logging on to a fake site this
should do no harm.
James A. Donald:
> > HTTPS assumes that the certificate shall be blessed by the
> > administrator out of band, and has no mechanism for using a
> > private key to establish that a user is simply the same
> > user as last time.
Anonymous:
> HTTPS is just HTTP over SSL/TLS. It says nothing about the
> trust model for the certificates; it merely specifies how
> each side can deliver its cert(s) to the other side. Deciding
> which ones to trust is out of scope for TLS or HTTPS.
You cannot use https to implement the trust model that hotmail
and everyone else uses. In that sense it does say something
about the trust model. It assumes they are subject to
hierarchical validation, which e-gold passwords and hotmail
passwords are not.
Hotmail passwords merely show it is the same guy logging in.
You cannot use https to do this. It is designed to show it is
the guy blessed by the administrator logging in.
> E-Gold could set things up to allow its customers to
> authenticate with certs issued by Verisign, or with
> considerably more work it could even issue certs itself that
> could be used for customer authentication. Why doesn't it do
> so?
Because that is not the trust model they or hotmail want to
implement. They don't want true names, and they do not want,
and cannot afford, the very great overheads associated with
true names.
To implement the desired trust model, the client browser would
need to generate the private key during account creation.
E-gold would then record the corresponding public key. You
cannot do that with existing client software.
They do not want to turn their business model upside down to
support verisign's profit model. The problem is to implement
the existing model in a way that protects against the man in
the middle attack represented by this storm of fake sites.
--digsig
James A. Donald
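The self-enrolment scheme described in the message above (the client generates the key pair at account creation, the site records only the public key, and later logins prove possession of the private key with no CA in the loop) as an added example that is not from the thread, written in Go with the standard library's Ed25519. It goes one step beyond the post, as an assumption of mine: the client binds the name of the site it is actually talking to into what it signs, so a signature collected by a fake site, even one relaying the real site's challenge, does not verify at the real one. Service names, account ids and the message layout are made up for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Service is the site (e-gold in the discussion). Its only record per account is the
// public key the customer's own client generated at sign-up: no CA, no true name.
type Service struct {
	Origin   string // assumption: the site's own name, bound into every login signature
	accounts map[string]ed25519.PublicKey
}
func NewService(origin string) *Service {
	return &Service{Origin: origin, accounts: map[string]ed25519.PublicKey{}}
}
// GenerateClientKey runs in the customer's client at account creation; the private half stays there.
func GenerateClientKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}
// Enroll is self-service: the customer hands over a public key and nothing else.
func (s *Service) Enroll(id string, pub ed25519.PublicKey) { s.accounts[id] = pub }
// Challenge issues a fresh random nonce so a captured login cannot be replayed later.
func (s *Service) Challenge() []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return nonce
}
// loginMessage is what gets signed: the origin the client thinks it is talking to, then the nonce.
func loginMessage(origin string, nonce []byte) []byte { return append([]byte(origin+"\x00"), nonce...) }
// SignLogin is the client's proof of possession; only a signature crosses the wire, never the key.
func SignLogin(priv ed25519.PrivateKey, origin string, nonce []byte) []byte {
	return ed25519.Sign(priv, loginMessage(origin, nonce))
}
// Verify checks under the service's OWN origin, so a signature a fake site collected under its name fails.
func (s *Service) Verify(id string, nonce, sig []byte) bool {
	pub, ok := s.accounts[id]
	return ok && ed25519.Verify(pub, loginMessage(s.Origin, nonce), sig)
}

func main() {
	pub, priv := GenerateClientKey()
	egold := NewService("e-gold.example")
	egold.Enroll("alice", pub)
	n := egold.Challenge()
	fmt.Println("honest login:", egold.Verify("alice", n, SignLogin(priv, "e-gold.example", n)))
	fmt.Println("via fake site:", egold.Verify("alice", n, SignLogin(priv, "fake-egold.example", n)))
}
```

The second line of output is the phishing case: the customer was fooled into signing for the fake site's name, and the real site rejects that signature outright, so the fooled login does no harm.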
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com