[cryptography] SSL is not "broken by design"

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 24 13:36:12 EDT 2011


Ben Laurie <ben at links.org> writes:

>a) Key continuity is nice, but ... are you swapping one set of problems for
>another? What happens when I lose my key? How do I roll my key? I just added
>a second server with a different key, and now a bunch of users have the
>"wrong" key - what do I do? How do I deal with a compromised key?

The slides are actually material taken from a book draft, which covers key
continuity issues in some detail.  So the (non :-)-answer in this case is "See
the section on key continuity on page X".

>b) Entering passwords on a new site: again, nice, but how will you detect
>sites that merely mimic password entry? Wide acceptance would lead to
>avoidance techniques that seem hard to detect.

Uhh, I'm not sure what the point is here, why would a site mimic password
entry?

Another thing to remember is that all of this is risk-assessment, not the
boolean "has a cert" that browsers currently use.  Very emphatically not the
browsers' "has a cert" mechanism.  So even with a worst-case key-continuity
failure, at most you're going to move the risk slider some way towards "more
risky" so that you have to fall back on other measures to assess a site's
safety.  That's the main contribution of the slides, that we need to diversify
our measures and get away from the "has a cert -> good" that's never really
worked since it was introduced.

Peter.



More information about the cryptography mailing list