Re: [TLS] Eleven out of every ten SSL certs aren't valid

"Steingruebl, Andy" <asteingruebl@paypal.com> Fri, 02 July 2010 05:57 UTC

From: "Steingruebl, Andy" <asteingruebl@paypal.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 01 Jul 2010 23:57:08 -0600

> -----Original Message-----
> From: Peter Gutmann [mailto:pgut001@cs.auckland.ac.nz]
> Sent: Thursday, July 01, 2010 8:55 PM
> To: Steingruebl, Andy; tls@ietf.org
> Subject: Re: [TLS] Eleven out of every ten SSL certs aren't valid
> 
> "Steingruebl, Andy" <asteingruebl@paypal.com> writes:
> 
> >The problem of course is that this is purely anecdotal.  Cormac didn't
> >cite any research pointers for that, and it is at the heart of the current
> >debate.
> 
> You mean the fifty-three references he gave weren't enough?  (OK, most of
> them aren't to evaluations of the effects of cert warnings, but several are). 

Sorry, the cite I found lacking was the one that said all cert warnings are false positives.  There is no published research that I know of that actually has tried to do a widescale measurement of active MITM attacks against SSL.  I know of at least 2 in progress, but neither is published yet.  This is the data I'm looking for.  You are right that the problem with certificate warnings has been studied in depth; I wasn't questioning that.

> No, it says that what we're doing doesn't work, has never worked, and as far
> as anyone can tell will never work (and we have a multibillion(?) dollar global
> cybercrime industry to prove it), so let's look for alternatives that do work.  So
> we can do away with the mess of certs not because there aren't any attacks
> but because they cost a ton of money and effort without actually working.

Again this is a question of what problem one is trying to solve, but I can concede that the existing ecosystem isn't working.  I don't know that cybercrime is flourishing because of the global PKI and CAs, right?  Are you really trying to argue that because certificate warnings don't stop cybercrime, they aren't worthwhile?  I'm not sure I understand how you get to there from here.

> (That's one statistic I'd like to see, if there are X sites using CA-bought certs
> costing an average of $Y and it takes a site admin A time at $B an hour, how
> much is the PKI phantomime costing per year?  Cormac has already given
> figures for how much clicking past all the warnings costs on the user side, but
> what does it cost to create the mess in the first place?).

Again, without real attack/threat data that tells us how many active MITM attackers there are, I don't think we know the costs of clicking through cert warnings.  He assumes they are all false positives, something I'm not prepared to buy.  

Do you know of some published data on the number of malicious wifi access points, SSL MITM attacks, etc. that I don't?  It's possible I just haven't seen it.

--
Andy