[cryptography] Social engineering attacks on client certificates (Was ... crypto with a twist)

Jeffrey Walton noloader at gmail.com
Sun Oct 14 13:31:35 EDT 2012

On Sun, Oct 14, 2012 at 4:21 AM, ianG <iang at iang.org> wrote:
> Hi Thierry,
> On 14/10/12 01:21 AM, Thierry Moreau wrote:
>> ianG wrote:
>>> On 10/10/12 23:44 PM, Guido Witmond wrote:
>>>> 2. Use SSL client certificates instead;
>>> Yes, it works.  My observations/evidence suggests it works far better
>>> than passwords because it cuts out the disaster known as "I lost my
>>> password...."
>>> It is what we do over at CAcert, [...]
>> Sorry for the long digression below, the overall concern bugs me somehow.
>> There is no doubts that the CAcert usage of client certificates is an
>> interesting experiment/deployment.
>> However, the limited value (of the CAcert activities enabled by a valid
>> client certificate) for attackers reduces the conclusions that can be
>> drawn from the deployment.
>> When reviewing a security scheme design for a client organization, I had
>> to ask myself what a potential attacker would attempt if the system was
>> protecting million dollar transactions.
> Yes.  We have to first figure out the business model.  Then extract from
> that a model of threats, and finally come up with a security model to
> mitigate the threats while advancing the business model.
> If your business is dealing with million dollar transactions, can I ask if
> you are using browsers at all in that scenario?  If so, isn't there
> something wrong with this scenario?
> [SNIP]
> What you're now likely to question is whether the browser is a secure enough
> container to stop attacks from other vectors?  It's not.  Which is why
> browsers shouldn't be used for online payments of significant value.  At
> all.  But it is the browser that is at fault here, and its failure to
> protect the user is orthogonal to the question of passwords versus
> client-certs.

Usability issues aside, the browser (HTML/CSS/JavaScript based
applications) can only handle low value data.

Well written native applications on mobile devices can usually handle
about medium value data (some hand waiving).

Another thing that folks don't want to accept: mobile devices can't
handle high value data that is to be available offline.


More information about the cryptography mailing list