On 09/12/2011 01:45 PM, M.R. wrote:
> The system is not expected to protect individual
> liberty, life or limb, nor is it expected to protect high-value
> monetary transactions, intellectual property assets, state secrets
> or critical civic infrastructure operations.

It never was, and yet, it is asked to do that routinely today.

This is where threat modeling falls flat.

The more generally useful a communications facility that you develop, the less knowledge and control the engineer has about the conditions under which it will be used.

SSL/TLS is very general and very useful. We can place very little restriction on how it is deployed.

It will be used wherever it "works" and "feels secure". More and more firewalls seem to be proxying port 80 and passing port 443. So it will continue to be used a lot.

Few app layer protocol designers will say "this really wasn't part of the SSL/TLS threat model, we should use something else". Most will say "this is readily available and is used by critical infrastructure and transactions of far greater value than ours".

It needs to be as secure as possible, but I freely admit that I don't know what that means.

- Marsh
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
