[wordup] The SSL Debacle

[Adam Shand]

This came up in a Shmoo Group (http://www.shmoo.com) discussion about 
CACert (www.cacert.org), a free certificate authority which is trying to 
get it's root cert into Mozilla 
(http://bugzilla.mozilla.org/show_bug.cgi?id=215243).

Edited and taken slightly out of context here, but I tend to agree with 
Len.  It's not that MITM attacks can't happen, but rather that they are 
the smaller problem.

Adam.

From: Len Sassaman <rabbi at abditum.com>

<rant>

I am so disgusted with the entire SSL debacle. I was reminded just how
clueless everyone involved with browser security was, at Blackhat when
I had the pleasure of meeting one of the Microsoft wankers who works on
IE browser security.

I'm not sure why things are the way they are today. Perhaps Taher and
the Netscape crew were just security/crypto geeks who where genuinely
oblivious to the annoying fact that browsers would have actual users.
Or maybe there was a conscious decision to create a multi-million dollar
industry based on FUD and back-room deals with RSA.

See, applications like PGP and Mixmaster have thus far gotten away with
having shitty UI, because they are security tools, and the assumption
that their users will have some sort of understanding of security 
concepts is not entirely far-fetched. However, web browsers are not 
security tools; they are web browsing tools. Therefore, it is moronic to 
think that the average user has any understanding of cryptography or 
security concepts.

The problem, and the solution (as I explained to the MS drone) are
simple. The behavior of the browser, when it comes to SSL, is lacking a 
major piece of functionality. Currently, you can surf the web in one of 
two basic ways: unencrypted, or encrypted and authenticated 
(server-side). What is missing is an "encrypted, unauthenticated" mode. 
(At this point in my explanation to Mr. IE Security, he interjected "but 
you can't have encryption without authentication!" I will now explain 
why that is horseshit.)

Treat your users as state machines. Understand that users have no
security comprehension. When users encounter an SSL warning, they will 
do one of two things. Either, they will do whatever they have to to make 
the warning go away (such as switch to non-SSL mode, or not view that
website), or they will simply ignore the warning.

Users new to the web browsing experience will usually do the former.
Users who understand that browser security warnings are meaningless will 
do the latter. Neither action is the ideal one, though the former gives
incentive to website owners to pay ludicrous amounts of money to 
Verisign for SSL certificates, and thus is "desired" behavior.

If, however, browsers supported a certificate type of "No
Authentication", users would be free to browse the web over SSL without 
encountering these annoying and meaningless warnings, and website owners 
would be free to enable SSL without paying the Verisign extortion tax. 
Furthermore, normal authentication certificates would have greater 
meaning, since the average user would not be desensitized to the browser 
security warnings, and in the rare cases where such a warning would be 
thrown, the user might pay greater attention.

I log into Friendster, and Livejournal, and Slashdot, and hell --
Security Geeks -- with my password in the clear. This should not have to 
be the case. It's 2003. We should not have passwords, no matter how
unimportant, traveling over the network in the clear.

Yet, the Security Gods prefer that to the possible chance that the
mythical man-in-the-middle attack demons might descend upon us.

What utter crap.

</rant>