[cryptography] Diginotar Lessons Learned (long)

Ian G iang at iang.org
Sun Sep 11 06:38:21 EDT 2011

On 11/09/2011, at 9:10, Andy Steingruebl <andy at steingruebl.com> wrote:

> On Sat, Sep 10, 2011 at 4:01 PM, Peter Gutmann
> <pgut001 at cs.auckland.ac.nz> wrote:
>> Sure, figuring out whether it'll actually work is an experiment.  OTOH we have
>> vast masses of data on what phishers are doing,

Which can be reduced to one observation:

Phishing attacks typically move the victim to HTTP.

>> so while we can't easily tell
>> what will work, we can tell fairly easily what won't work.

Therefore, improving SSL for security won't work.

>> If it doesn't
>> address anything that phishers are doing then we know, without even bothering
>> to deploy it, that it'll have no effect.

To figure this out we need military thinking. The old aphorism is that the battle is won by the general who imposes his will over the other.

A primary or leading element of will is the selection of the battleground. Each general selects the battleground which will result in victory; these won't be the same.

The battle is then won by the general that forces the other into the chosen battleground.

> 3. Who are the people arguing that TLS/HTTPS is a defense against
> phishing that is doing any "real" work on any of this

Let's reinterpret that for war.

We have selected HTTPS as our winning battleground. Phishers typically defeat us by pushing the victims to HTTP.

What can we do to stop that?

Or, your question: Who are the people that are arguing to keep the victims on our HTTPS battleground?

> other than
> pitching products/junk?

Who are the people making it harder?

> Getting to credentials that can't be easily given away to the wrong
> party would certainly be a step in the right direction.

Now to weapons. Yes credentials, and it is this that makes SSL work - it establishes a repeatable, reliable relationship, including TOFU.

(but, capabilities school says that credentials should be transferable, any attempt to constrain is a sin)

Password: anything that replaces the manual password method seems to help. Client certs, SRP.

Malware: Skype model. Chrome separation of sub-apps? Apple/walled garden. Geer's observation.

> Please don't forget that in the presence of malware on the client
> machine most of this doesn't matter, and so depending on what you
> think the balance is between phishing and malware for stealing
> credentials and/or monetizing accounts, you have a different set of
> things to do to make progress.

Right. Malware dominates phishing as a threat. Another story...

