[cryptography] SSL is not "broken by design"
iang at iang.org
Tue Sep 20 13:09:24 EDT 2011
On 18/09/11 20:02 PM, M.R. wrote:
> On 18/09/11 08:59, James A. Donald wrote:
>> If we acknowledge that SSL is not secure, then need
>> something that is secure.
> Nothing is either "secure", or "not secure". Any engineering
> system is either secure for the purpose it was designed for,
> or it is not. SSL is secure, since it is secure for the
> purpose it was designed and implemented for.
That's bad engineering. Any system that is designed for protecting
humans has to base itself on risks. Either it has a reasonable chance
of addressing the risks at a good level, or it addresses the risks at a
less than good level.
It is only cryptographers that insist that security is binary -- perfect
or not there at all. Too my knowledge, no other engineering discipline
falls to this hubris . They achieve this remarkable feat by drawing
the boundary of security so narrow as to be typically irrelevant to most
This can be seen in the original design of SSL. It was designed to
protect the wire, because it was theorised that the wire was where the
threat was. Eavesdropping, MITMs and the like. Not the node.
But, if you read carefully between the lines, there was no evidence of
that statement. In fact, it turns out, the reason that the threat was
taken to be the wire and not the node was that (a) there was a military
cryptography model that supported wire threats as important, and (b)
there was an exotic and sexy cryptography design that could defeat it.
In other words, they did it because they could .
In practice it was the reverse: in commercial threats, the node is the
problem. It's always been far greater of a problem than the wire .
This is why SSL is often considered to be a fashion accessory, not a
serious indicator of security; it didn't solve the real problem, but it
itself wasn't much of an issue until attackers started embarrassing it
by invading its design space with attacks.
 that's a bit of a misnomer, even cryptographers warn the builders of
crypto tools that on-off security doesn't exist.
 So, SSL is broken by requirements. It meets its requirements well,
but they weren't so useful to society.
 with notable exception of SSH, which had a proven eavesdropping
problem so put in place an eavesdropping solution :)
More information about the cryptography