> At 10:23 PM 3/29/2001 -0800, Eric Rescorla wrote:
> >> At 09:40 AM 3/28/2001 -0800, you wrote:
> >> Go take a look at the GAO report at one of these URLs. There's
> >> a section discussing SSL. It lays to rest any security illusions
> >> about SSL (basically there's not much security to it).
> >I read it. Theres no new information here.
> >
>
> Right. However it is an important examination, listing all
> the security flaws of SSL.
Uh, whatever. This was all information known to people in
the security community.

> >> They'll accept a signature chain of certs that includes a
> >> self/signed server cert (be it Verisign or some other CA).
> >> After examining three products from one fairly large software
> >> firm, I come to the conclusion that maybe close to 100% of
> >> the apps using SSL are deeply flawed from a security point of
> >> view. My observations include mistakes such as using software
> >> to generate random number seeds and sharing the same
> >> private/public key pair among multiple users or machines.
> >This really doesn't have anything specific to do with SSL. These are
> >the kind of errors that can be (and frequently are) made with any
> >cryptographic protocol. You might as well argue that cryptography as
> >a whole is pointless.
> >
>
> I disagree. SSL cannot be examined in isolation. It must be
> examined in the context of a system. To date it has been
> a difficult piece to fit into any system requiring a secure
> transport by competent programmers (who are not into security
> like us). It on x.509 certs has been a head ache for these
> programmers.
Once again, the things you're complaining about have been a problem
with essentially every cryptographic system. It's not like PGP
certificates aren't just as easy to make these kinds of mistakes
with.

The problems with SSL are essentially the problems that all of
our systems have writ large because SSL is so popular. Since
we don't have a system that's easier to work with it's silly to
argue that they're somehow specific to SSL.

> I am not arguing that these cannot occur. It's just that they are
> unlikely compared with stealing unencrypted databases of credit card
> numbers.
The purpose of SSL is to ensure that this is the case.

> Beside even these are snooped off the wire, we're talking
> onsey, twosey type stuff (mainly because of the effectively random
> routes each packet takes), plus Visa limits our liability.
Routing isn't as random as you make it out to be. More importantly,
if one compromises one of the big ISPs you're going to see pretty
much all of the traffic to their customers.

-Ekr

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]