On Aug 2, 2010, at 4:19 PM, Paul Wouters wrote:
...Of course, TLS hasn't been successful in the sense that we care
about most. TLS has had no impact on how users authenticate (we still
send usernames and passwords) to servers, and the way TLS authenticates
servers to users turns out to be very weak (because of the plethora of
CAs, and because transitive trust isn't all that strong).
Let's first focus on foiling the grand scale of things by protecting
against passive attacks of large scale monitoring. Then let's worry
about protecting against active targeted attacks....
It's worth pointing out that you're here making a value judgement -
and, in effect, a political argument. Large scale monitoring is
mainly, if not entirely, something governments do. It's unlikely to
be cost-effective for the commercial attackers we see today. Active,
targeted attacks, on the other hand, seem to be the purview of many
sophisticated attackers today - both governmental and non-governmental.
Cryptographic theory can help you decide which of these classes of
attackers you should be more concerned about.
BTW, economics is everywhere. Suppose you had a cryptographic
technique that was quick and easy to apply, but also cheap to break -
say, $1 per message. Pretty useless, right? But now imagine that
every message is encrypted using this poor technique. No individual
message, once known through external signals to have value greater
than $1, is safe - but the aggregate of billions of messages being
transferred every day is safe against any plausible attacker.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List