LibTomNet [v0.01]

Eric Rescorla ekr at rtfm.com
Tue Jul 8 14:53:13 EDT 2003 

Ian Grigg <iang at systemics.com> writes:

> tom st denis wrote:
> > 
> > --- Eric Rescorla <ekr at rtfm.com> wrote:
> > > [Standard rant follows... :)]
> > > I'm trying to figure out why this is a good idea even in principle.
> > 
> > Maybe its just me but SSL is overly complicated.
> 
> It's not just you.  The field seems to be evenly
> divided between those who view SSL as a mess, and
> those who view it as the only sane choice because
> so much attention has been put on it.
I'm not sure why you think that these two views are
inconsistent. Sure, SSL embodies lots of mistakes, and I'm hard on
some of those in my book. However, my experience is that when people
sit down and try to do a better job, they generally bungle it.  Tom's
attempt is only the latest example.

> The main thing that reduces SSL's applicability to
> real world problems come down to the assumption of
> certificates as part and parcel of the security
> model.
This is just wrong. There are extensions to SSL to support Kerberos,
SRP, and even primitive shared keys (see Peter Gutmann's latest draft
on this topic).

> It's definately not just you - but one of the reasons
> that it feels like that is that the SSL supporters
> tend to protect their franchise very aggresively.
It's not just SSL. I've beaten up on people who were trying to
reinvent S/MIME in this very forum. It's just that people seem to try
to reinvent SSL about 5 times more often than they try to reinvent
anything else. My guess is that that's because the channel security
problem *looks* so simple and so it seems like it should be easy to do
something simpler and better than SSL.

Incidentally, I suspect that this is what was going through Hickman's
head when he designed SSLv2, which is no doubt why it's such a botch.

> Which is a total crock.  If SSL can't make up its
> credibility in the open market place, then it isn't
> worth idolising.
Are you on crack? SSL HAS won in the market place.  It's only the
amateurs who persist on trying to reinvent it.
     
> Nonsense.  We aren't even up to being the C-team,
> we don't make the team.  And we won't ever until
> we cast off the shackles of rote acceptance, and
> start challenging SSL on its inadequacies.
> 
> Tom, you are not alone!  Dabble on!
You know, Ian, this argument would be a lot more convincing
if the people who tried to reinvent SSL didn't always
botch the job. I've yet to see one of these things that didn't
have glaring flaws that wouldn't have been made by someone
who had taken the time to really understand SSL. No doubt
that's because once you've spent some time thinking about
the problem you get driven to roughly the same set of
design decisions SSL embodies. This isn't because the
SSL authors were such geniuses, but rather because there's
basically one best way to do things.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list