Why the MD5 cert hack doesn’t matter.
(Donning my asbestos undies in preparation for any possible flamage that may result ...)
The blogosphere is all a-twitter (heh) about the presentation today by Sotirov, Stevens, Appelbaum et al., showing how a less-than-likely combination of clever steps can create a man-in-the-middle opportunity to insert rogue signed certificates from a “trusted” CA. Thierry Zoller’s great summary is here; Rich Mogull has the most reasoned “Don’t Panic” explanation of it here.
What I’m here to say is, I don’t really think this matters all that much except to security researchers. Here’s why: normal users’ trust has very little to do with certificates.
I remember seeing Bruce Schneier speak at some conference (it might have been TRISC), and mention as an aside that the wi-fi service being offered at the conference used some authentication that included an expired certificate. He noted wryly that plenty of security folks were using the service anyway—even security folks tend to click through a cert warning when they believe, rightly or wrongly, that the risk is low.
And let’s talk about the vast, vast, VAST majority of intertube users out there, the ones who don’t understand this stuff anyway. Let’s talk about your mom and my mom, or your boss and my boss. There are two kinds of users here: the ones who don’t understand and are deathly afraid of their computers, and the ones who don’t understand and aren’t troubled by it.
The ones who are afraid of their computers tend to panic whenever they get a pop-up anyway. You have to talk them through reading the certificate warning, loading an exception, or whatever, and eventually you just end up saying, “Mom, just click Continue, it’s okay.” They will hold their breath, close their eyes, and click whatever they need to in order to make the pop-up go away so that they can get to their oldie radio station or Jane Austen fan site or whatever.
The ones who are NOT afraid will click Continue without reading further, because they’re annoyed by any kind of pop-up and don’t want to take the time to figure out whether it’s really a problem. They don’t want their computer telling them what to do; they want to tell IT what to do, and what they want to do is get to their brokerage site, or their fantasy football, or whatever. (Yes, have you noticed the raging stereotypes in here? I raised ‘em myself from tiny hatchlings.)
My point is, these folks would still be susceptible to phishing even without the MITM component. I really don’t see an appreciable increase in risk here, even if you suddenly find all of China and the RBN hitting the magic combo that these researchers did. The ONLY place where I would see this making a difference is in host-to-host communication, where an application that suddenly gets a cert error will just die instead of saying, “Aw, the hell with it,” and clicking through. Someone will have to go troubleshoot the application and figure out why the SSL is failing, and then they’ll catch it. With a rogue cert that validates cleanly, though, that safety net is gone: the MITM won’t raise an error, so nobody gets sent to troubleshoot it, and it goes undetected.
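The host-to-host case is the one where a chain check can still do what a human won’t. Here is an added example, not from this post or from any library, of the kind of check an automated client could run on the certificate chain it is handed: walk each certificate’s outer DER structure and refuse any whose signature is over MD5 (or MD2), the hash the researchers collided. Function names (`signature_algorithm_oid`, `weak_signatures`) and the sample certificates are constructed for this example; they are not real certificates.

```python
WEAK_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}

def _read_tlv(buf, pos):
    """Parse one DER tag/length/value at pos -> (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(body):
    """Decode a DER OBJECT IDENTIFIER body into dotted-decimal form."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm_oid(cert_der):
    """OID of the outer signatureAlgorithm of a DER Certificate, i.e.
    SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, body, _ = _read_tlv(cert_der, 0)
    _, _, pos = _read_tlv(body, 0)          # skip tbsCertificate
    alg_tag, alg, _ = _read_tlv(body, pos)  # AlgorithmIdentifier ::= SEQUENCE { OID, params }
    oid_tag, oid_body, _ = _read_tlv(alg, 0)
    if tag != 0x30 or alg_tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not a DER Certificate structure")
    return _decode_oid(oid_body)

def weak_signatures(chain_der):
    """[(index, algorithm name)] for every cert in the chain signed over a broken hash."""
    return [(i, WEAK_SIG_OIDS[oid]) for i, cert in enumerate(chain_der)
            if (oid := signature_algorithm_oid(cert)) in WEAK_SIG_OIDS]

# Constructed samples, not real certificates: the tbsCertificate is 300 bytes of
# padding so the long-form length path is exercised; only signatureAlgorithm matters.
def _der(tag, body):
    n = len(body)
    enc = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(enc)]) + enc) + body

def _fake_cert(sig_oid_hex):
    tbs = _der(0x30, _der(0x04, b"\x00" * 300))
    alg = _der(0x30, bytes.fromhex("0609" + sig_oid_hex) + b"\x05\x00")  # OID + NULL params
    return _der(0x30, tbs + alg + _der(0x03, b"\x00\x00"))

MD5_CERT = _fake_cert("2a864886f70d010104")     # md5WithRSAEncryption
SHA256_CERT = _fake_cert("2a864886f70d01010b")  # sha256WithRSAEncryption
```

A client that treats a non-empty `weak_signatures()` result as fatal fails closed on exactly the chains this attack produces, which is the behaviour the post credits applications with and users lack.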
People everywhere are hyperventilating and saying OH NOES, NOW I CAN’T TRUST ANYTHING ON TEH INTERNET!!! To which I say, dude, you’re already choosing what to trust and what not to trust, and it’s based on a whole bunch of other factors that have little to do with certs. Certificates were a nice idea, but they were a security dweeb’s answer to trust, not a businessman’s answer to trust. They’re already too far under the covers to be understandable or useful to anyone outside of a small IT subset.
We need to move on to a better, business-oriented trust model anyway. This is just another crack in a wall that wasn’t all that great to begin with.
Posted by shrdlu on Tuesday, December 30, 2008