[Discuss] free SSL certs from the EFF

[me at mattgillen.net (Matthew Gillen)]

On 12/04/2014 11:42 PM, John Abreau wrote:
> On Thu, Dec 4, 2014 at 1:00 PM, Richard Pieri <richard.pieri at gmail.com>
> wrote:
>
>> On 12/4/2014 12:15 PM, Joe Polcari wrote:
>>
>>> To me, that's a good reason for things to stop working.
>>>
>>
>> For certain values of "good" I suppose.
>>
>> Good news: your email wasn't hacked.
>> Bad news: you're fired for failing to submit your reports on time.
>
>
> On the other hand, if you accept the bad guy's poisoned DNS data:
>
>      Good news: you feel secure because you sent out your reports on time.
>      Bad news: They were sent to the bad guy's mail server, so you're still
> fired for failing to submit your reports on time to your employer's mail
> server.

Worse news: the DNS misdirection enabled a MITM attack that captured 
your credentials, and your credentials are used to hack into the company 
and cause a data breach. Then they have a real reason to fire you (has 
anyone actually been fired for not submitting reports on time?).  I know 
the example wasn't meant to be taken literally, but the point is that 
typically it is far worse to allow your credentials to be compromised 
than it is to have delays in doing your job.  Obviously the degree to 
which this is true varies from job to job, but the point remains that if 
you're ignoring authenticity with respect to what machines you are 
talking to, you can't be sure you are actually doing your job.

So that is why DoS should always be the preferred failure mode when 
authenticity can't be verified.

Matt