[cryptography] SSL is not "broken by design"

James A. Donald jamesd at echeque.com
Sun Sep 18 04:59:19 EDT 2011


On 2011-09-18 4:34 PM, M.R. wrote:
> SSL was designed to protect relatively low-value retail commerce,
> and it still does that job reasonably well.
>
> What failed were our mechanisms to ensure that system usage regime does
> not exceed it's design parameters. If I can be flippant, SSL was a
> pedestrian bridge which ended up used to drive 18-wheelers across it.
>
> What failed was the total absence of an equivalent of a notice in
> big red letters somewhere on the access ramp: "this structure is not
> capable of carrying heavy vehicles. If you use it to do so, it will
> collapse and you will get hurt or killed".

If we acknowledge that SSL is not secure, then need something that is 
secure.




More information about the cryptography mailing list