[cryptography] SSL is not "broken by design"

Jeffrey Walton noloader at gmail.com
Tue Sep 20 13:32:31 EDT 2011


On Tue, Sep 20, 2011 at 1:09 PM, ianG <iang at iang.org> wrote:
> On 18/09/11 20:02 PM, M.R. wrote:
>>
>> On 18/09/11 08:59, James A. Donald wrote:
>>
>>> If we acknowledge that SSL is not secure, then need
>>> something that is secure.
>>
>> Nothing is either "secure", or "not secure". Any engineering
>> system is either secure for the purpose it was designed for,
>> or it is not. SSL is secure, since it is secure for the
>> purpose it was designed and implemented for.
>
> That's bad engineering.  Any system that is designed for protecting humans
> has to base itself on risks.  Either it has a reasonable chance of
> addressing the risks at a good level, or it addresses the risks at a less
> than good level.
>
> It is only cryptographers that insist that security is binary -- perfect or
> not there at all. Too my knowledge, no other engineering discipline falls to
> this hubris [0].  They achieve this remarkable feat by drawing the boundary
> of security so narrow as to be typically irrelevant to most purposes.
>
> This can be seen in the original design of SSL.  It was designed to protect
> the wire, because it was theorised that the wire was where the threat was.
>  Eavesdropping, MITMs and the like.  Not the node.
>
> But, if you read carefully between the lines, there was no evidence of that
> statement.  In fact, it turns out, the reason that the threat was taken to
> be the wire and not the node was that (a) there was a military cryptography
> model that supported wire threats as important, and (b) there was an exotic
> and sexy cryptography design that could defeat it.
>
> In other words, they did it because they could [1].
>
> In practice it was the reverse:  in commercial threats, the node is the
> problem.  It's always been far greater of a problem than the wire [1].  This
> is why SSL is often considered to be a fashion accessory, not a serious
> indicator of security; it didn't solve the real problem, but it itself
> wasn't much of an issue until attackers started embarrassing it by invading
> its design space with attacks.
It seems to me that both the network and the endpoints are at risk. By
what degree the endpoint exceeds the network is an open question for
me since (in my observations) most folks and organizations don't boast
like ComodoHacker. Sadly, I suspect its 'epidemic vs pandemic' and not
'rare/isolated vs occasional'.

Network attacks are not an isolated incident (recall Tunisia and
Facebook?), not to mention chronic problems with Cisco gear in the
network, and the cheap cable/dsl broadband routers and home networking
equipment that rarely gets updated.

Jeff



More information about the cryptography mailing list