On 09/12/2011 02:50 PM, Ian G wrote:
> On 13/09/2011, at 5:12, Marsh Ray <[email protected]> wrote:
>> It never was, and yet, it is asked to do that routinely today.
>> This is where threat modeling falls flat.
>> The more generally useful a communications facility that you
>> develop, the less knowledge and control the engineer has about the
>> conditions under which it will be used.
>> SSL/TLS is very general and very useful. We can place very little
>> restriction on how it is deployed.
>
> To be fair, I think this part has been done very well by the
> designers. I get the feeling that the original designers really
> didn't understand anything at the business and architecture side,

What I hear from the old-timers is that Netscape did, in fact, design it
with the explicit goal of getting people to feel comfortable about using
their CC#s online. It was certainly marketed that way, on television even.
On the other hand, give an engineer that requirement and you're likely
to end up with a low level toolbox.

> so
> backed off and decided to secure a low level toolbox as best as
> possible. In this case TCP.

I guess we've all been there, I know I have.

> If they had then said SSL (inc. PKI) secures TCP against a broad
> range of attacks, then all would have been consistent.

What part of "Secure Sockets Layer" is ambiguous?
Especially back in the 90's - active attacks and MitM were not always
taken seriously in the threat model. Perhaps similar to how car
manufacturers seem to regard the threat of targeted RF attacks via
Bluetooth today.
For example, this Schneier-Mudge-Wagner paper from 1999
http://www.schneier.com/paper-pptpv2.html
completely ignores the active attack which allows authentication
forwarding. I ran down Mudge at a conference and asked him about it; he
said "yeah, we just weren't considering it".
SSL was developed several years before that. I doubt its designers had a
good idea what the PKI it would be hung from would look like.
Even today we hear knowledgeable people still saying "MitM is so hard
that the attacker will probably just do X instead".

> But, as soon as we get to business, these claims lose foundation.
> Can it be used to secure credit cards? Websites? Love-chat?
> Dissident planning?
> The answer is ... Dunno! Seriously, we have no clue.

Well we know what it's not good for (in its current form).
This attack data has got to be dynamite for the Bayesian risk analysts
in the industry.
- Marsh