[cryptography] SSL is not "broken by design"

Ben Laurie ben at links.org
Sat Sep 24 13:38:27 EDT 2011

On Sat, Sep 24, 2011 at 6:36 PM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:
> Ben Laurie <ben at links.org> writes:
>>a) Key continuity is nice, but ... are you swapping one set of problems for
>>another? What happens when I lose my key? How do I roll my key? I just added
>>a second server with a different key, and now a bunch of users have the
>>"wrong" key - what do I do? How do I deal with a compromised key?
> The slides are actually material taken from a book draft, which covers key
> continuity issues in some detail.  So the (non :-)-answer in this case is "See
> the section on key continuity on page X".

So how about telling us what page X says.

>>b) Entering passwords on a new site: again, nice, but how will you detect
>>sites that merely mimic password entry? Wide acceptance would lead to
>>avoidance techniques that seem hard to detect.
> Uhh, I'm not sure what the point is here, why would a site mimic password
> entry?

So as to steal your password.

> Another thing to remember is that all of this is risk-assessment, not the
> boolean "has a cert" that browsers currently use.  Very emphatically not the
> browsers' "has a cert" mechanism.  So even with a worst-case key-continuity
> failure, at most you're going to move the risk slider some way towards "more
> risky" so that you have to fall back on other measures to assess a site's
> safety.  That's the main contribution of the slides, that we need to diversify
> our measures and get away from the "has a cert -> good" that's never really
> worked since it was introduced.

This is the part I agree with!

More information about the cryptography mailing list