WYTM?

[Ian Grigg]

Eric,

thanks for your reply!

My point is strictly limited to something
approximating "there was no threat model
for SSL / secure browsing."  And, as you
say, you don't really disagree with that
100% :-)

With that in mind, I think we agree on this:


> > [9] I'd love to hear the inside scoop, but all I
> > have is Eric's book.  Oh, and for the record,
> > Eric wasn't anywhere near this game when it was
> > all being cast out in concrete.  He's just the
> > historian on this one.  Or, that's the way I
> > understand it.
> 
> Actually, I was there, though I was an outsider to the
> process. Netscape was doing the design and not taking much
> input. However, they did send copies to a few people and one
> of them was my colleague Allan Schiffman, so I saw it.

OK!

> It's really a mistake to think of SSL as being designed
> with an explicit threat model. That just wasn't how the
> designers at Netscape thought, as far as I can tell.


Well, that's the sort of confirmation I'm looking
for.  From the documents and everything, it seems
as though the threat model wasn't analysed, it was
just picked out of a book somewhere.  Or, as you
say, even that is too kind, they simply didn't
think that way.

But, this is a very important point.  It means that
when we talk about secure browsing, it is wrong to
defend it on the basis of the threat model.  There
was no threat model.  What we have is an accident
of the past.

Which is great.  This means there is no real objection
to building a real threat model.  One more appropriate
to the times, the people, the applications, the needs.

And the today-threats.  Not the bogeyman threats.


> Incidentally, Ian, I'd like to propose a counterargument
> to your argument. It's true that most web traffic
> could be encrypted if we had a more opportunistic key
> exchange system. But if there isn't any substantial
> sniffing (i.e. the wire is secure) then who cares?


Exactly.  Why do I care?  Why do you care?

It is mantra in the SSL community and in the
browsing world that we do care.  That's why
the software is arranged in a a double lock-
in, between the server and the browser, to
force use of a CA cert.

So, if we don't care, why do we care?  What
is the reason for doing this?  Why are we
paying to use free software?  What paycheck
does Ben draw from all our money being spent
on this "i don't care" thing called a cert?

Some people say "because of the threat model."

And that's what this thread is about:  we
agree that there is no threat model, in any
proper sense.  So this is a null and void
answer.

Other people say "to protect against MITM.
But, as we've discussed at length, there is
little or no real or measurable threat of MITM.

Yet others say "to be sure we are talking
to the merchant."  Sorry, that's not a good
answer either because in my email box today
there are about 10 different attacks on the
secure sites that I care about.  And mostly,
they don't care about ... certs.  But they
care enough to keep doing it.  Why is that?



Someone made a judgement call, 9 or so years
ago, and we're still paying for that person
caring on our behalf, erroneously.

Let's not care anymore.  Let's stop paying.

I don't care who it was, even.  I just want
to stop paying for his person, caring for me.

Let's start making our own security choices?

Let crypto run free!

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com