On Thursday, October 10, 2013, Salz, Rich wrote:

> > TLS was designed to support multiple ciphersuites. Unfortunately this
> opened the door
> > to downgrade attacks, and transitioning to protocol versions that
> wouldn't do this was nontrivial.
> > The ciphersuites included all shared certain misfeatures, leading to the
> current situation.
> On the other hand, negotiation let us deploy it in places where
> full-strength cryptography is/was regulated.
> Sometimes half a loaf is better than nothing.

 The last time various SSL/TLS ciphersuites needed to be removed from
webserver configurations when I managed a datacenter some years ago led to
the following 'failure modes', either from the user's browser now warning
or refusing to connect to a server using an insecure cipher suite, or when
the only cipher suites used by a server weren't supported by an old browser
(or both at once):

1) for sites that had low barriers to switching, loss of traffic/customers
to sites that didn't drop the insecure ciphersuites

2) for sites that are harder to leave (your bank, google/facebook level
sticky public ones [less common]), large increases in calls to support,
with large costs for the business. Non-PCI compliant businesses taking CC
payments are generally so insecure that customers that fled to them really
are uppung their chances of suffering  fraud.

In both cases you have a net decrease of security and an increase of fraud
and financial loss.

So in some cases anything less than a whole loaf, which you can't guarantee
for N years of time, isn't 'good enough.' In other words, we are screwed no
matter what.

-David Mercer

David Mercer - http://dmercer.tumblr.com
IM:  AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7
PGP Public Key: http://davidmercer.nfshost.com/radix42.pubkey.txt
Fingerprint: A24F 5816 2B08 5B37 5096  9F52 B182 3349 0F23 225B
The cryptography mailing list

Reply via email to