[cryptography] Social engineering attacks on client certificates (Was ... crypto with a twist)

Jeffrey Walton noloader at gmail.com
Sun Oct 14 13:31:35 EDT 2012


On Sun, Oct 14, 2012 at 4:21 AM, ianG <iang at iang.org> wrote:
> Hi Thierry,
>
> On 14/10/12 01:21 AM, Thierry Moreau wrote:
>>
>> ianG wrote:
>>>
>>> On 10/10/12 23:44 PM, Guido Witmond wrote:
>>>
>>>> 2. Use SSL client certificates instead;
>>>
>>> Yes, it works.  My observations/evidence suggests it works far better
>>> than passwords because it cuts out the disaster known as "I lost my
>>> password...."
>>>
>>> It is what we do over at CAcert, [...]
>>
>> Sorry for the long digression below, the overall concern bugs me somehow.
>>
>> There is no doubts that the CAcert usage of client certificates is an
>> interesting experiment/deployment.
>>
>> However, the limited value (of the CAcert activities enabled by a valid
>> client certificate) for attackers reduces the conclusions that can be
>> drawn from the deployment.
>>
>> When reviewing a security scheme design for a client organization, I had
>> to ask myself what a potential attacker would attempt if the system was
>> protecting million dollar transactions.
>
> Yes.  We have to first figure out the business model.  Then extract from
> that a model of threats, and finally come up with a security model to
> mitigate the threats while advancing the business model.
>
> If your business is dealing with million dollar transactions, can I ask if
> you are using browsers at all in that scenario?  If so, isn't there
> something wrong with this scenario?
>
> [SNIP]
>
> What you're now likely to question is whether the browser is a secure enough
> container to stop attacks from other vectors?  It's not.  Which is why
> browsers shouldn't be used for online payments of significant value.  At
> all.  But it is the browser that is at fault here, and its failure to
> protect the user is orthogonal to the question of passwords versus
> client-certs.
Bingo!

Usability issues aside, the browser (HTML/CSS/JavaScript based
applications) can only handle low value data.
http://www.google.com/#q=webkit+site:nvd.nist.gov.

Well written native applications on mobile devices can usually handle
about medium value data (some hand waiving).

Another thing that folks don't want to accept: mobile devices can't
handle high value data that is to be available offline.

Jeff



More information about the cryptography mailing list