[cryptography] SSL is not "broken by design"

Marsh Ray marsh at extendedsubset.com
Mon Sep 19 12:42:03 EDT 2011


On 09/19/2011 10:53 AM, Andy Steingruebl wrote:
> You know what else fails at fighting phishing?
>
> - The locks on my car door

Hmmm, what would a phishing attack on your car door locks look like?

Perhaps someone could replace your car one night with a very 
similar-looking one, then when you're ready to leave your house in the 
morning you insert your key and it takes an impression of it.

Ideally the impostor car would fool you long enough for you to drive to 
work in it. When you were ready to leave for work, both cars would be gone.

> - The fence surrounding my house

That would take some creativity. Perhaps a good job interview question.

> - The full disk encryption on my laptop

The evil maid!

>
> </snark>
>
> SSL wasn't designed to stop phishing, if sites don't deploy it with
> mutual-auth it can't possibly do so.

I'd love to be proven wrong, but even with client cert mutual auth there 
are probably some attacks there on modern browsers.

>  Saying it is a failure because
> it doesn't stop that ignores the problem it is designed to solve, or
> at least some it could credibly claim to solve.
>
> SSH doesn't solve phishing either.  Is it a total failure also?  I
> don't think so.

I love SSH and think it's a great protocol. But to be honest, we have to 
admit that it would be far worse than SSL at the 
no-prior-relationship ecommerce bootstrapping problem.

> SSL is used for a lot more than HTTPS.  Any proposal to "fix" it
> *must* take that into account.

Thank you for repeating this.

Browser-based HTTPS is certainly the most visible, but not at all the 
only use case for SSL/TLS. Many uses of SSL/TLS don't even rely on this 
house-of-cards PKI constructed by the CA/Browser Forum.

IMHO, as far as crypto protocols go, the TLS protocol itself is pretty 
solid as long as the endpoints restrict themselves to negotiating the 
right options.

On that note, there's a little more info coming out on the Duong-Rizzo 
attack:
http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611


- Marsh


