tom st denis wrote:
>
> --- Eric Rescorla <[EMAIL PROTECTED]> wrote:
> > [Standard rant follows... :)]
> > I'm trying to figure out why this is a good idea even in principle.
>
> Maybe it's just me but SSL is overly complicated.

It's not just you. The field seems to be evenly divided between those who view SSL as a mess, and those who view it as the only sane choice because so much attention has been put on it.

(That's just my seat of the pants feel for it, in gauging the public and private responses to the series of rants on SSL I've written. And it isn't just a recent development, I've known other far more competent (than me) cryptoplumbers who were dissatisfied with SSL, going back as far as 1997.)

Using SSL as a base for a new set of requirements seems to be about as complicated as a competent cryptoplumber doing his own. Obviously, SSL will give you a jumpstart in security over your homegrown crypto, but less obviously, the complications and misturns built into SSL make tuning it to your application a much harder task, and achieving a unified security model is difficult because it's not a simple starting point.

The main thing that reduces SSL's applicability to real world problems comes down to the assumption of certificates as part and parcel of the security model. Also, the threat model is unrealistic, and the consequent security properties seem more to derive from "what we can do" rather than "this is what your application demands and needs."

It's definitely not just you - but one of the reasons that it feels like that is that the SSL supporters tend to protect their franchise very aggressively. Which is odd, really, I haven't myself worked out why the supporters of a particular protocol are so adamant that one should not experiment in a field as complicated and challenging as crypto.

Their attitude is religious, it is tantamount to saying that you shouldn't dare to assault the ivory tower. SSL is the officially sanctioned way of doing Internet crypto. Capice?

Which is a total crock. If SSL can't make up its credibility in the open market place, then it isn't worth idolising.

If you looked at it - and you say you did - and concluded you could do better on your own, then more power to you. And us all. An entire generation of crypto engineers have been fed this notion that they needn't bother with their own, which has had the net result of reducing crypto knowledge, reducing security, and leaving the net reliant on an infrastructure that just can't meet its own needs, let alone the needs of users.

Somebody said we were the A-team. John Gilmore, I think, but that's from memory. Nonsense. We aren't even up to being the C-team, we don't make the team. And we won't ever until we cast off the shackles of rote acceptance, and start challenging SSL on its inadequacies.

Tom, you are not alone! Dabble on!

--
iang

---------------------------------------------------------------------
The Cryptography Mailing List