SSL, client certs, and MITM (was WYTM?)

[Tom Weinstein]

Ian Grigg wrote:

>Tom Weinstein wrote:
>  
>
>>In threat analysis, you have to base your assessment on capabilities,
>>not intentions. If an attack is possible, then you must guard against
>>it. It doesn't matter if you think potential attackers don't intend to
>>attack you that way, because you really don't know if that's true or not
>>and they can always change their minds without telling you.
>>    
>>
>In threat analysis, you base your assessment on
>economics of what is reasonable to protect.  It
>is perfectly valid to decline to protect against
>a possible threat, if the cost thereof is too high,
>as compared against the benefits.
>
>This is the reason that we cannot simply accept
>"the possible" as a basis for engineering of any
>form, let alone cryptography.  And this is the
>reason why, if we can't measure it, then we are
>probably justified in assuming it's not a threat
>we need to worry about.
>
The economic view might be a reasonable view for an end-user to take, 
but it's not a good one for a protocol designer. The protocol designer 
doesn't have an economic model for how end-users will end up using the 
protocol, and it's dangerous to assume one. This is especially true for 
a protocol like TLS that is intended to be used as a general solution 
for a wide range of applications.

In some ways, I think this is something that all standards face. For any 
particular application, the standard might be less cost effective than a 
custom solution. But it's much cheaper to design something once that 
works for everyone off the shelf than it would be to custom design a new 
one each and every time.

-- 
Give a man a fire and he's warm for a day, but set   | Tom Weinstein
him on fire and he's warm for the rest of his life.  | tomw at tellme.com 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com