A slight modification of my comments on PKI.

Anne & Lynn Wheeler lynn at garlic.com
Thu Jul 29 16:23:33 EDT 2010 

On 07/28/2010 10:34 PM, dan at geer.org wrote:
> The design goal for any security system is that the number of
> failures is small but non-zero, i.e., N>0.  If the number of
> failures is zero, there is no way to disambiguate good luck
> from spending too much.  Calibration requires differing outcomes.
> Regulatory compliance, on the other hand, stipulates N==0 failures
> and is thus neither calibratable nor cost effective.  Whether
> the cure is worse than the disease is an exercise for the reader.

another design goal for any security system might be "security proportional to risk". the major use of SSL in the world today is hiding financial transaction information ... currently mostly credit card transactions. One of the issues is that the value of the transaction information to the merchants (paying for majority of the infrastructure) is the transaction profit ... which can be a dollar or two. The value of the transaction information to the attackers is the associated account limit/balance, which can be several hundred to several thousand dollars. This results in a situation where the attackers can afford to outspend the defenders by 100 times or more.

somewhat because of the work on the current payment transaction infrastructure (involving SSL, by the small client/server startup that had invented SSL), in the mid-90s, we were invited to participate in the x9a10 financial standard working group (which had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments). the result was the x9.59 financial transaction standard. Part of the x9.59 financial transaction standard was slightly tweaking the paradigm and eliminating the value of the transaction information to the attackers ... which also eliminates the major use of SSL in the world today. It also eliminates the motivation behind the majority of the skimming and data breaches in the world (attempting to obtain financial transaction information for use in performing fraudulent financial transactions). note the x9.59 didn't do anything to prevent attacks on SSL, skimming attacks, data breaches, etc ... it just eliminated the
 major criminal financial motivation for such attacks.

-- 
virtualization experience starting Jan1968, online at home since Mar1970

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list