Humorous anti-SSL PR
John Denker
jsd at av8n.com
Thu Jul 15 16:29:18 EDT 2004
"J Harper" <jsec at peersec.com> wrote:
>
>>This barely deserves mention, but is worth it for the humor:
>>"Information Security Expert says SSL (Secure Socket Layer) is Nothing More
>>Than a Condom that Just Protects the Pipe"
>>http://www.prweb.com/releases/2004/7/prweb141248.htm
To which Eric Rescorla replied:
> What's wrong with a condom that protects the pipe? I've used
> condoms many times and they seemed to do quite a good job
> of protecting my pipe.
The humor just keeps on coming. It's always amusing to
see an invocation of the principle that "I've tried it
on several occasions and it seemed to work, therefore
it must be trustworthy."
What's wrong with this depends, as usual, on the threat
model. Sometimes it is wise to consider other parts
of the system (not just the pipe) in the threat model.
If we set you up on a blind date with an underfed grizzly,
you might find that protecting your pipe with a condom
doesn't solve all your problems.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list