Eric Rescorla wrote:
>
> Ian Grigg <[EMAIL PROTECTED]> writes:
> > I'm sorry, but, yes, I do find great difficulty
> > in not dismissing it. Indeed being other than
> > dismissive about it!
> >
> > Cryptography is a special product, it may
> > appear to be working, but that isn't really
> > good enough. Coincidence would lead us to
> > believe that clear text or ROT13 were good
> > enough, in the absence of any attackers.
> >
> > For this reason, we have a process. If the
> > process is not followed, then coincidence
> > doesn't help to save our bacon.
> Disagree. Once again, SSL meets the consensus threat
> model. It was designed that way partly unconsciously,
> partly due to inertia, and partly due to bullying by
> people who did have the consensus threat model in mind.

(If you mean that the ITM is consensus, I grant you that two less successful protocols follow it - S/MIME and IPSec (partly) but I don't think that makes it consensus. I know there are a lot of people who don't think in any other terms than this model, and that is the issue! There are also a lot of people who think in terms completely opposed to ITM. So to say that ITM is consensus is something that is going to have to be established. If that's not what you mean, can you please define?)

> That's not the design process I would have liked,
> but it's silly to say that a protocol that matches
> the threat model is somehow automatically the wrong
> thing just because the designers weren't as conscious
> as one would have liked.

I'm not sure I ever said that the protocol doesn't match the threat model - did I? What I should have said and hoped to say was that the protocol doesn't match the application.

I don't think I said "automatically," either. I did hold out hope in that rant of mine that the designers could have accidentally got it right. But, they didn't.

Now, SSL, by itself, within the bounds of the ITM is actually probably pretty good. By all reports, if you want ITM, then SSL is your best choice. But, we have to be very careful to understand that any protocol has a given set of characteristics, and its applicability to an application is an uncertain thing; hence the process of the threat model and the security model. In SSL's case, one needs to say "use SSL, but only if your threat model is close to ITM." Or similar. Hence the title of this rant.

The error of the past has been that too many people have said something like "Use SSL, because we already got it right."
Which, unfortunately, skips the whole issue of what threat model one is dealing with. Just like happened with secure browsing. In this case, the ITM was a) agreed upon after the fact to fill in the hole, and b) not the right one for the application.

> > > And on the client side the user can, of course, click "ok" to the "do
> > > you want to accept this cert" dialog. Really, Ian, I don't understand
> > > what it is you want to do. Is all you're asking for to have that
> > > dialog worded differently?
> >
> >
> > There should be no dialogue at all. Going from
> > HTTP to HTTPS/self signed is a mammoth increase
> > in security. Why does the browser say it is
> > less/not secure?

> Because it's giving you a chance to accept the certificate,
> and letting you know in case you expected a real cert that
> you're not getting one.

My interpretation - which you won't like - is that it is telling me that this certificate is bad, and asking me whether I am sure I want to do this. A popup is synonymous with bad news. It shouldn't be used for good news. As a general theme, that is, although this is the reason I cited that paper: others have done work on this and they are a long way ahead in their thinking, far beyond me.

> > > It's not THAT different from what
> > > SSH pops up.
> >
> >
> > (Actually, I'm not sure what SSH pops up, it's
> > never popped up anything to me? Are you talking
> > about a windows version?)

> SSH in terminal mode says:
>
> "The authenticity of host 'hacker.stanford.edu (171.64.78.90)' can't be established.
> RSA key fingerprint is d3:a8:90:6a:e8:ef:fa:43:18:47:4c:02:ab:06:04:7f.
> Are you sure you want to continue connecting (yes/no)? "
>
> I actually find the Firebird popup vastly more understandable
> and helpful.

I'm not sure I can make much of your point, as I've never heard of nor seen a Firebird?

iang

---------------------------------------------------------------------
The Cryptography Mailing List