On 2011-09-18 4:34 PM, M.R. wrote:
SSL was designed to protect relatively low-value retail commerce,
and it still does that job reasonably well.
What failed were our mechanisms to ensure that system usage regime does
not exceed it's design parameters. If I can be flippant, SSL was a
pedestrian bridge which ended up used to drive 18-wheelers across it.
What failed was the total absence of an equivalent of a notice in
big red letters somewhere on the access ramp: "this structure is not
capable of carrying heavy vehicles. If you use it to do so, it will
collapse and you will get hurt or killed".
If we acknowledge that SSL is not secure, then need something that is
secure.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
