Amir Herzberg wrote:
(Amir, I replied to your other comments over on the Mozilla security forum, which is presumably where they will be more useful. That just leaves this:)
So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe `Stop SSL-Abuse!`
Ha! I wondered when someone would take me to task over that title :-)
Here's the thing: the title comes from a seminal paper called "Gotos considered harmful [1]" This was a highly controversial paper in the 70s or so that in no small part helped the development of structured programming.
What the author of that paper was trying to say was not that the Goto was bad, but its use was substantially related to poor programming practice.
And that's the point I'm making. The Goto is just a tool like any other. But, the Goto became a tool over- deployed and widely abused, as its early and liberal use by a programmer took no account of later maintenance costs that were incurred by the owner of the code. So the Goto became synonymous with bad programming and excessive costs.
The same situation exists with SSL/TLS. As a protocol, it's a fine tool. It's strong, it's well reviewed, and it has corrected its deficiencies over time.
But, it also comes with a wider security model. For starters, the CA-signed regime. As well as that, it comes with a variety of other baggage, which basically amounts to "use SSL/TLS as it is recommended and you will be secure."
Unfortunately, this is wrong, and the result is bad security practice. Yet, we do have a generation of people out there believing that because they have put huge amounts of effort into implementing SSL with its certs regime that they are secure.
We can see this ludicrous situation with the email and chat variants of SSL / cert protected traffic. In those cases the result is the same: If one suggests that the correct approach is for them to use SSCs (self signed certs) or equivalent, people go all weak and wobbly at the knees and start ranting on about how those are insecure.
Yet these same systems are totally open to attacks at the nodes and often to the intermediate hops, which of course is where 99% of the attacks are [2].
These programmers truly believe that in order to get security, they must deploy SSL. As the manual tells them to. They are truly wrong. In this, SSL has harmed them, because it has blinded them to the real risks that they are facing.
It's not the tool that has hurt them, but as you suggest the abuse of the tool. Edsgar Dijkstra called for the abolition of Gotos as the way to address the harm he saw being done. That solution may offend, as the tool itself cannot have harmed.
But, how else can we stop people deploying the tool so abusively?
iang
[1] Edsger W. Dijkstra, "Go To Statement Considered Harmful," http://www.acm.org/classics/oct95/
[2] Jabber's use of SSL seems to mirror STARTTLS. They both protect the traffic on the wire, but not at rest on the hops. The certificate system built into mailers (name?) at least organises an end-to-end packet protection, thus leaving the two end nodes as the places at most risk, still by far the most likely place to be attacked.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
