SSL, client certs, and MITM (was WYTM?)
Tom Weinstein
tweinst at pacbell.net
Wed Oct 22 20:32:50 EDT 2003
Ian Grigg wrote:
>Tom Weinstein wrote:
>
>
>>In threat analysis, you have to base your assessment on capabilities,
>>not intentions. If an attack is possible, then you must guard against
>>it. It doesn't matter if you think potential attackers don't intend to
>>attack you that way, because you really don't know if that's true or not
>>and they can always change their minds without telling you.
>>
>>
>In threat analysis, you base your assessment on
>economics of what is reasonable to protect. It
>is perfectly valid to decline to protect against
>a possible threat, if the cost thereof is too high,
>as compared against the benefits.
>
>This is the reason that we cannot simply accept
>"the possible" as a basis for engineering of any
>form, let alone cryptography. And this is the
>reason why, if we can't measure it, then we are
>probably justified in assuming it's not a threat
>we need to worry about.
>
The economic view might be a reasonable view for an end-user to take,
but it's not a good one for a protocol designer. The protocol designer
doesn't have an economic model for how end-users will end up using the
protocol, and it's dangerous to assume one. This is especially true for
a protocol like TLS that is intended to be used as a general solution
for a wide range of applications.
In some ways, I think this is something that all standards face. For any
particular application, the standard might be less cost effective than a
custom solution. But it's much cheaper to design something once that
works for everyone off the shelf than it would be to custom design a new
one each and every time.
--
Give a man a fire and he's warm for a day, but set | Tom Weinstein
him on fire and he's warm for the rest of his life. | tomw at tellme.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list