[cryptography] SSL is not "broken by design"

James A. Donald jamesd at echeque.com
Sun Sep 18 17:01:10 EDT 2011


On 2011-09-18 8:02 PM, M.R. wrote:
> Nothing is either "secure", or "not secure". Any engineering
> system is either secure for the purpose it was designed for,

If one builds a fortress with a wall on only one side, and that wall has 
a plywood gate in it, then no matter how well the wall meets the design 
criteria of unscalability and bulletproofness, the fortress is insecure.

SSL fails at low security stuff in that it allows phishing, and it fails 
at high security stuff because there are always CAs that are corrupt, 
incompetent, or under the control of your adversary.




More information about the cryptography mailing list