[cryptography] SSL is not "broken by design"

ianG iang at iang.org
Tue Sep 20 12:51:05 EDT 2011


On 20/09/11 01:53 AM, Andy Steingruebl wrote:
> SSL wasn't designed to stop phishing, if sites don't deploy it with 
> mutual-auth it can't possibly do so.

Yes, it was.  SSL was upgraded in v2 to provide a complete solution to 
the MITM.  This is evident in v2's addition of certificates, and the use 
of browser UI elements in the original beta Netscape 1.0.  The whole 
design was holistic.  The elements to cover the phishing possibility -- 
CA branding -- were stripped out for the final [0].


> Saying it is a failure because it doesn't stop that ignores the 
> problem it is designed to solve, or at least some it could credibly 
> claim to solve.

What is going on here is an adroit dancing between different meanings of 
the word SSL. There are two different meanings available to the promoter.

SSL at the protocol level only does a secure connection.  SSL at the 
architectural level provides a complete system to solve secure ecommerce 
between parties who haven't met each other as yet.

Which meaning do you want to use?  For all of this discussion, only the 
second is relevant.  It's the architecture that is broken, not the protocol.

> SSH doesn't solve phishing either. Is it a total failure also? I don't 
> think so. SSL is used for a lot more than HTTPS. Any proposal to "fix" 
> it *must* take that into account. - Andy

Irrelevant, because SSH at the architectural level and SSH at the 
protocol level are aligned and in balance.  There is no discord because 
SSH was never really taken out of its intended design framework.  That's 
arguably because the designer wasn't facing the political forces of the 
times, which the designers of SSL drowned in.  For whatever reasons, we 
can skip that and look at the results:  SSH was pretty much always used 
in accordance with its original design-assumptions, whereas SSL was 
pretty much never used in accordance with its original design-assumptions.

iang


[0] This of course is the problem with designing for a problem you 
haven't any evidence of existance ;-) By the time you need the solution, 
it's been modified beyond recognition, and no longer works.



More information about the cryptography mailing list