Aria Stewart (aredridel) wrote,

Why SSL isn't much help.

[Image: Security Warning dialog]

This is wrong for several reasons. It's the usual “unrecognized certificate” warning; this one is the variation shown when the hostname and the server certificate's name don't match. I chose this dialog simply because it's easy to trigger.

The biggest problem is with the word “trust”. It's asking you to accept only if you trust and First off, the IP address has nothing to do with it. Since we've got a mismatch going, that IP could be being spoofed. You can't trust it, and yet it's asking you to consider it. Next, the problem here is more subtle: it's asking you a technical question (should I connect to this site?) but advising you to make the decision on a non-technical basis (do so only if you trust the domain; and I'm extending in typical fashion here, taking “the domain” to mean the company that owns or operates it). The problem is that not only do you have to trust them to be honest, but you have to trust them to be competent. When's certificate was cracked (or was it stolen?), the warning above would have come up ... we've covered that the IP could be spoofed, and since the certificate isn't valid, we can't authenticate that, and it would have said right there. Any sane user, given the information that dialog box provides, would have connected. And they'd fall right into Joe Cracker's hands.

The solutions to this aren't easy. The reason it's not been solved is that it's not a technical problem. To know whether you should trust a connection to a server, you have to take into account three things: Is the company trustworthy? Are the admins competent? Is this who it says it is?

“Is the company trustworthy?” can't be answered technically: we only know through prior transactions and through word of mouth. This can be subverted, too, with PR campaigns and slander.

“Are the admins competent?” is nearly impossible to gauge without a longstanding relationship. With some companies you may never know. In fact, on this basis it's easier to find a trustworthy small company than a large one.

“Is this who it says it is?” is subject to all sorts of attacks: a stolen certificate allows one to impersonate the server. Tricks with character sets can fool one into thinking that “Pаypal” is actually “Paypal”, and similar. And if the certificate authority is broken into, you can't even meaningfully check the digital signature either.
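To make the two technical checks concrete, here is an added example (my own code, not the author's) of what a client can verify on its own: the hostname-versus-certificate-name comparison behind the warning dialog above, and a mixed-script check that catches the “Pаypal” trick. It assumes the look-alike name uses a Cyrillic а (U+0430), which is constructed here rather than taken from the post, and approximates Unicode script from character names because the standard library exposes no script property.

```python
import unicodedata


def hostname_matches(hostname, cert_names):
    """True if hostname matches one of the certificate's names.

    This is the comparison that triggers the "hostname and server cert
    name don't match" warning: case-insensitive exact match, or a single
    leading wildcard label that covers exactly one label, so
    '*.example.com' matches 'www.example.com' but neither 'example.com'
    nor 'a.b.example.com'.
    """
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*."):
            suffix = name[1:]  # ".example.com"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
    return False


def scripts_in(label):
    """Unicode scripts used by the letters of one domain label, taken from
    the first word of each character's name, e.g. 'LATIN CAPITAL LETTER P'
    -> 'LATIN', 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC' (an approximation).
    """
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def looks_like_homograph(hostname):
    """True if any label mixes scripts, which is how a name that renders
    as 'Paypal' can actually contain a Cyrillic letter."""
    return any(len(scripts_in(label)) > 1 for label in hostname.split("."))


# Constructed sample: Latin 'P' followed by Cyrillic small a (U+0430).
LOOKALIKE = "P\u0430ypal.com"

if __name__ == "__main__":
    print(hostname_matches("www.example.com", ["*.example.com"]))  # True
    print(hostname_matches("a.b.example.com", ["*.example.com"]))  # False
    print(looks_like_homograph(LOOKALIKE), looks_like_homograph("paypal.com"))
```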

After I started writing it, I found a similar rant by Bruce Schneier.
