[cryptography] SSL is not "broken by design"

ianG iang at iang.org
Tue Sep 20 13:09:24 EDT 2011


On 18/09/11 20:02 PM, M.R. wrote:
> On 18/09/11 08:59, James A. Donald wrote:
>
>> If we acknowledge that SSL is not secure, then need
>> something that is secure.
>
> Nothing is either "secure", or "not secure". Any engineering
> system is either secure for the purpose it was designed for,
> or it is not. SSL is secure, since it is secure for the
> purpose it was designed and implemented for.

That's bad engineering.  Any system that is designed for protecting 
humans has to base itself on risks.  Either it has a reasonable chance 
of addressing the risks at a good level, or it addresses the risks at a 
less than good level.

It is only cryptographers that insist that security is binary -- perfect 
or not there at all. Too my knowledge, no other engineering discipline 
falls to this hubris [0].  They achieve this remarkable feat by drawing 
the boundary of security so narrow as to be typically irrelevant to most 
purposes.

This can be seen in the original design of SSL.  It was designed to 
protect the wire, because it was theorised that the wire was where the 
threat was.  Eavesdropping, MITMs and the like.  Not the node.

But, if you read carefully between the lines, there was no evidence of 
that statement.  In fact, it turns out, the reason that the threat was 
taken to be the wire and not the node was that (a) there was a military 
cryptography model that supported wire threats as important, and (b) 
there was an exotic and sexy cryptography design that could defeat it.

In other words, they did it because they could [1].

In practice it was the reverse:  in commercial threats, the node is the 
problem.  It's always been far greater of a problem than the wire [1].  
This is why SSL is often considered to be a fashion accessory, not a 
serious indicator of security; it didn't solve the real problem, but it 
itself wasn't much of an issue until attackers started embarrassing it 
by invading its design space with attacks.



iang


[0] that's a bit of a misnomer, even cryptographers warn the builders of 
crypto tools that on-off security doesn't exist.
[1] So, SSL is broken by requirements.  It meets its requirements well, 
but they weren't so useful to society.
[2] with notable exception of SSH, which had a proven eavesdropping 
problem so put in place an eavesdropping solution :)



More information about the cryptography mailing list