[cryptography] Why anon-DH is less damaging than current browser PKI (a rant in five paragraphs)

Ben Laurie ben at links.org
Tue Jan 8 04:26:46 EST 2013

On Tue, Jan 8, 2013 at 1:28 AM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Ben Laurie <ben at links.org> writes:
> I've snipped most of this because, although it'd be fun to keep going back and
> forth, I'm not sure if everyone else wants to keep reading the exchange (Ben,
> we'll continue it over lunch or dinner some time :-).


>  There is one point
> though that really sticks out:
>   Phishing is not something that PKI is intended to address.
> I don't think I've ever heard anyone admit that before.  In particular if you
> look at sites that talk about SSL's PKI, you see statements like:
>   In addition to encryption, a proper SSL certificate also provides
>   authentication. This means you can be sure that you are sending information
>   to the right server and not to a criminal's server.
>     -- http://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html

Modulo CAs not working correctly, this is what SSL does. So long as
you define "the right server" as being "the one with the domain name
you navigated to".

>   Why SSL protects from phishing
>   ------------------------------
>   [...]
>     -- http://www.sslshopper.com/why-ssl-the-purpose-of-using-ssl-certificates.html

Well, this cuts to some of the core of the problem: "This means that
your users will be far less likely to fall for a phishing attack
because they will be looking for the trust indicators in their
browser, such as a green address bar, and they won’t see it."

As we know, users don't act on trust indicators in general. And if
they did, I'm not so sure phishers wouldn't find a way to get the
green address bar.

> (that was just the first thing that popped up from a quick Google).  So that
> leads to two possibilities:
> 1. If browser PKI is meant to deal with phishing, and quite obviously doesn't,
> then it's defective and needs to be replaced with alternative mechanisms.
> 2. If browser PKI isn't meant to deal with phishing then WTF are browser
> vendors persisting with it and not applying other measures that do actually
> work?

I would claim that Google is doing exactly that (i.e. applying other measures).

>>I don't doubt the effectiveness of the kind of thing you are talking about,
>>but what I would find helpful is something actionable - i.e. "if you did X,
>>then users would actually be better protected, and it won't break the 'net".
> That's pretty much what the longer reference I mentioned contains, there's
> something like two to three solid pages of references to research papers and
> (admittedly less rigorous) discussions with technical guys from vendors who do
> internet malware scanning to protect users from harm.

And this is an example of something Google is doing.
