[cryptography] PKI - and the threat model is ...?
marsh at extendedsubset.com
Mon Sep 12 15:12:09 EDT 2011
On 09/12/2011 01:45 PM, M.R. wrote:
> The system is not expected to protect individual
> liberty, life or limb, nor is it expected to protect high-value
> monetary transactions, intellectual property assets, state secrets
> or critical civic infrastructure operations.
It never was, and yet, it is asked to do that routinely today.
This is where threat modeling falls flat.
The more generally useful a communications facility that you develop,
the less knowledge and control the engineer has about the conditions
under which it will be used.
SSL/TLS is very general and very useful. We can place very little
restriction on how it is deployed.
It will be used wherever it "works" and "feels secure". More and more
firewalls seem to be proxying port 80 and passing port 443. So it will
continue to be used a lot.
Few app layer protocol designers will say "this really wasn't part of
the SSL/TLS threat model, we should use something else". Most will say
"this is readily available and is used by critical infrastructure and
transactions of far greater value than ours".
It needs to be as secure as possible, but I freely admit that I don't
know what that means.
More information about the cryptography