WYTM?

Tim Dierks tim at dierks.org
Mon Oct 13 15:25:22 EDT 2003


At 12:28 AM 10/13/2003, Ian Grigg wrote:
>Problem is, it's also wrong.  The end systems
>are not secure, and the comms in the middle is
>actually remarkably safe.

I think this is an interesting, insightful analysis, but I also think it's 
drawing a stronger contrast between the real world and the Internet threat 
model than is warranted.

It's true that a large number of machines are compromised, but they were 
generally compromised by malicious communications that came over the 
network. If correctly implemented systems had protected these machines from 
untrustworthy Internet data, they wouldn't have been compromised.

Similarly, the statement is true at large (many systems are compromised), 
but not necessarily true in the small (I'm fairly confident that my SSL 
endpoints are not compromised). This means that the threat model is valid 
for individuals who take care to make sure that they comply with its 
assumptions, even if it may be less valid for the Internet at large.

And it's true that we define the threat model to be as large as the problem 
we know how to solve: we protect against the things we know how to protect 
against, and don't address problems at this level that we don't know how to 
protect against at this level. This is no more incorrect than my buying 
clothes which will protect me from rain, but failing to consider shopping 
for clothes which will do a good job of protecting me from a nuclear blast: 
we don't know how to make such clothes, so we don't bother thinking about 
that risk in that environment. Similarly, we have no idea how to design a 
networking protocol to protect us from the endpoints having already been 
compromised, so we don't worry about that part of the problem in that 
space. Perhaps we worry about it in another space (firewalls, better OS 
coding, TCPA, passing laws).

So, I disagree: I don't think that the SSL model is wrong: it's the right 
model for the component of the full problem it looks to address. And I 
don't think that the Internet threat model has failed to address the 
problem of host compromise: the fact is that these host compromises 
resulted, in part, from the failure of operating systems and other software 
to adequately protect against threats described in the Internet threat 
model: namely, that data coming in over the network cannot be trusted.

That doesn't change the fact that we should worry about the risk in 
practice that those assumptions of endpoint security will not hold.

  - Tim


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


