[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)
pgut001 at cs.auckland.ac.nz
Mon Jan 7 20:28:20 EST 2013
Ben Laurie <ben at links.org> writes:
I've snipped most of this because, although it'd be fun to keep going back and
forth, I'm not sure if everyone else wants to keep reading the exchange (Ben,
we'll continue it over lunch or dinner some time :-). There is one point
though that really sticks out:
Phishing is not something that PKI is intended to address.
I don't think I've ever heard anyone admit that before. In particular if you
look at sites that talk about SSL's PKI, you see statements like:
In addition to encryption, a proper SSL certificate also provides
authentication. This means you can be sure that you are sending information
to the right server and not to a criminal.s server.
Why SSL protects from phishing
(that was just the first thing that popped up from a quick Google). So that
leads to two possibilities:
1. If browser PKI is meant to deal with phishing, and quite obviously doesn't,
then it's defective and needs to be replaced with alternative mechanisms.
2. If browser PKI isn't meant to deal with phishing then WTF are browser
vendors persisting with it and not applying other measures that do actually
>I don't doubt the effectiveness of the kind of thing you are talking about,
>but what I would find helpful is something actionable - i.e. "if you did X,
>then users would actually better protected, and it won't break the 'net".
That's pretty much what the longer reference I mentioned contains, there's
something like two to three solid pages of references to research papers and
(admittedly less rigorous) discussions with technical guys from vendors who do
internet malware scanning to protect users from harm.
More information about the cryptography