No, Websites Shouldn't Roll Their Own Encryption
from the just-use-ssl dept
Ben Adida calls out Apple for the poor security of its MobileMe web applications and AppleInsider for its misguided defense of Apple's design. Most users know that a special "lock" icon in the corner of their browser is a signal that the contents of the current website are encrypted in transit, protecting them from third-party eavesdropping. Evidently, users of MobileMe have been alarmed that MobileMe applications don't take advantage of this feature, even when sensitive information is being transmitted. AppleInsider says this is no big deal because Apple uses "authenticated handling of JSON data exchanges" to ensure security, and as a result SSL is unnecessary. Moreover, "if Apple applied SSL encryption in the browser, it would only slow down every data exchange without really improving security, and instead only provide pundits with a false sense of security that distracts from real security threats."
As Adida points out, this is way off base. A malicious individual may discover a security hole in the unencrypted part of the site that Apple's engineers didn't think of. Encrypting the entire session, rather than just the parts that Apple thinks are security-sensitive, provides an important extra layer of protection. There's also a more fundamental problem with AppleInsider's argument: without SSL, the user has no real assurance that he's talking to Apple, rather than a third party executing a man-in-the-middle attack (perhaps using a poisoned DNS cache). SSL requires a server to present a certificate signed by a recognized certificate authority in order to prove that it's the website it claims to be. That makes it difficult for a third party to masquerade as a legitimate SSL-encrypted website.
The scheme works because the authentication algorithm is baked into the browser and can't be changed by the website being visited. In contrast, if the authentication is performed by JavaScript code that was supplied by the server you're trying to authenticate, the "authentication" process is completely useless. A man-in-the-middle attacker can simply substitute his own bogus authentication script for the real one, and no one will notice the difference. So even if you have complete faith in Apple's ability to write secure authentication algorithms, you can't trust a non-SSL website purporting to be from Apple because there's no way to be sure it's actually an Apple server.
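The difference can be modeled in a few lines of Node.js. This is an added illustration, not code from Apple, AppleInsider or Adida: every name and the sample data are constructed, and a single pinned Ed25519 public key stands in for the browser's built-in certificate validation.

```javascript
// Added illustration (constructed data; all names here are hypothetical).
const nodeCrypto = require('node:crypto');

// The genuine site's signing key. The public half plays the role of the
// browser's built-in trust store: it ships with the client, not with the page.
const site = nodeCrypto.generateKeyPairSync('ed25519');
const PINNED_PUBLIC_KEY = site.publicKey;

// Honest response over a plain (unauthenticated) channel: the payload, its
// signature, and the JavaScript that is supposed to check them.
function honestResponse() {
  const body = 'inbox: 3 new messages (constructed sample)';
  const sig = nodeCrypto.sign(null, Buffer.from(body), site.privateKey).toString('base64');
  return { body, sig, verifierSrc: 'return verify(body, sig);' };
}

// Models the on-path party from the text. It has no private key, so it cannot
// produce a valid signature, but it can replace the body and the checking script.
function tamper(resp) {
  return { body: 'altered content (constructed sample)', sig: resp.sig,
           verifierSrc: 'return true;' };
}

// The actual signature check against the pinned key.
function verify(body, sig) {
  return nodeCrypto.verify(null, Buffer.from(body), PINNED_PUBLIC_KEY,
                           Buffer.from(sig, 'base64'));
}

// Client A: runs whatever checking code arrived alongside the content.
function scriptSuppliedClient(resp) {
  const check = new Function('verify', 'body', 'sig', resp.verifierSrc);
  return check(verify, resp.body, resp.sig) === true;
}

// Client B: the check is part of the client; the response cannot replace it.
function builtInClient(resp) {
  return verify(resp.body, resp.sig);
}

// Returns, for each channel, whether each client accepted the response.
function runDemo() {
  const good = honestResponse();
  const bad = tamper(good);
  return {
    honest: { script: scriptSuppliedClient(good), builtIn: builtInClient(good) },
    tampered: { script: scriptSuppliedClient(bad), builtIn: builtInClient(bad) },
  };
}
console.log(runDemo());
```

Both clients accept the honest response, but only the client with the built-in check rejects the altered one; the script-supplied client accepts it because the code doing the checking travelled over the same untrusted channel as the content.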
Training ordinary users to follow good security practices is notoriously difficult. Widespread user understanding and acceptance of the "lock" icon in their browsers is arguably the most significant improvement in web security since the web was created. It's extremely counterproductive to undermine user confidence in SSL by telling users to put their faith in Apple's magical homebrew crypto algorithms instead.