LibTomNet [v0.01]

Ian Grigg iang at systemics.com
Tue Jul 8 14:24:39 EDT 2003


tom st denis wrote:
> 
> --- Eric Rescorla <ekr at rtfm.com> wrote:
> > [Standard rant follows... :)]
> > I'm trying to figure out why this is a good idea even in principle.
> 
> Maybe it's just me but SSL is overly complicated.

It's not just you.  The field seems to be evenly
divided between those who view SSL as a mess, and
those who view it as the only sane choice because
so much attention has been put on it.

(That's just my seat of the pants feel for it, in
gauging the public and private responses to the
series of rants on SSL I've written.  And it isn't
just a recent development, I've known other far
more competent (than me) cryptoplumbers who were
dissatisfied with SSL, going back as far as 1997.)

Using SSL as a base for a new set of requirements
seems to be about as complicated as a competent
cryptoplumber doing his own.  Obviously, SSL will
give you a jumpstart in security over your homegrown
crypto, but less obviously, the complications and
misturns built into SSL make tuning it to your
application a much harder task, and achieving a
unified security model is difficult because it's
not a simple starting point.

The main thing that reduces SSL's applicability to
real world problems comes down to the assumption of
certificates as part and parcel of the security
model.  Also, the threat model is unrealistic, and
the consequent security properties seem more to
derive from "what we can do" rather than "this is
what your application demands and needs."

It's definitely not just you - but one of the reasons
that it feels like that is that the SSL supporters
tend to protect their franchise very aggressively.

Which is odd, really, I haven't myself worked out
why the supporters of a particular protocol are
so adamant that one should not experiment in a
field as complicated and challenging as crypto.

Their attitude is religious, it is tantamount to
saying that you shouldn't dare to assault the ivory
tower.  SSL is the officially sanctioned way of
doing Internet crypto.  Capisce?

Which is a total crock.  If SSL can't make up its
credibility in the open market place, then it isn't
worth idolising.

If you looked at it - and you say you did - and
concluded you could do better on your own, then
more power to you.  And us all.

An entire generation of crypto engineers have been
fed this notion that they needn't bother with their
own, which has had the net result of reducing crypto
knowledge, reducing security, and leaving the net
reliant on an infrastructure that just can't meet
its own needs, let alone the needs of users.

Somebody said we were the A-team.  John Gilmore, I
think, but that's from memory.

Nonsense.  We aren't even up to being the C-team,
we don't make the team.  And we won't ever until
we cast off the shackles of rote acceptance, and
start challenging SSL on its inadequacies.

Tom, you are not alone!  Dabble on!

-- 
iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


