[cryptography] SSL is not "broken by design"
iang at iang.org
Tue Sep 20 12:51:05 EDT 2011
On 20/09/11 01:53 AM, Andy Steingruebl wrote:
> SSL wasn't designed to stop phishing, if sites don't deploy it with
> mutual-auth it can't possibly do so.
Yes, it was. SSL was upgraded in v2 to provide a complete solution to
the MITM. This is evident in v2's addition of certificates, and the use
of browser UI elements in the original beta Netscape 1.0. The whole
design was holistic. The elements to cover the phishing possibility --
CA branding -- were stripped out for the final .
> Saying it is a failure because it doesn't stop that ignores the
> problem it is designed to solve, or at least some it could credibly
> claim to solve.
What is going on here is an adroit dancing between different meanings of
the word SSL. There are two different meanings available to the promoter.
SSL at the protocol level only does a secure connection. SSL at the
architectural level provides a complete system to solve secure ecommerce
between parties who haven't met each other as yet.
Which meaning do you want to use? For all of this discussion, only the
second is relevant. It's the architecture that is broken, not the protocol.
> SSH doesn't solve phishing either. Is it a total failure also? I don't
> think so. SSL is used for a lot more than HTTPS. Any proposal to "fix"
> it *must* take that into account. - Andy
Irrelevant, because SSH at the architectural level and SSH at the
protocol level are aligned and in balance. There is no discord because
SSH was never really taken out of its intended design framework. That's
arguably because the designer wasn't facing the political forces of the
times, which the designers of SSL drowned in. For whatever reasons, we
can skip that and look at the results: SSH was pretty much always used
in accordance with its original design-assumptions, whereas SSL was
pretty much never used in accordance with its original design-assumptions.
 This of course is the problem with designing for a problem you
haven't any evidence of existance ;-) By the time you need the solution,
it's been modified beyond recognition, and no longer works.
More information about the cryptography