Is cryptography where security took the wrong branch?

Eric Rescorla ekr at rtfm.com
Wed Sep 3 10:22:25 EDT 2003


Ian Grigg <iang at systemics.com> writes:
> Eric Rescorla wrote:
> > Ian Grigg <iang at systemics.com> writes:
> > I think it's pretty
> > inarguable that SSL is a big success.
> 
> One thing that has been on my mind lately is how
> to define success of a crypto protocol.  I.e.,
> how to take your thoughts, and my thoughts, which
> differ, and bring the two together.
> 
> There appear to be a number of metrics that have
> been suggested:
> 
>    a.  number of design "wins"
>    b.  penetration into equivalent unprotected
>        market
>    c.  number of actual attacks defeated
>    d.  subjective good at the application level
>    e.  worthless measures such as deployed copies,
>        amount of traffic protected
> 
> All of these have their weaknesses, of course.
> It may be that a composite measure is required
> to define success.  I'm sure there are more
> measures.
> 
> a. The only thing that seems to be clearly a win
> for SSL is the number of design wins - quite
> high.  That is, it would appear that when someone
> is doing a new channel security application, the
> starting point is to consider SSL.
> 
> b. we seem to be agreeing on 1% penetration of
> the market, at least by server measurement (see
> my other post where I upped that to 1.24% in the
> most recent figures).
This really depends on your definition of market.
SSL was designed to protect credit card transactions, period.
For that, the market penetration is near 100%.

> d.  subjective good.  For HTTPS, again, it's a
> decidedly mixed score card.  When I go shopping
> at Amazon, it makes little difference to me, because
> the loss of info doesn't affect me as much as it
> might - $50 limit on liability.
That $50 limit is a funny thing.

I look at it this way:
You don't PERSONALLY eat the cost of fraud on your own
card but you eat the cost of fraud on other people's cards.
Thus, as in many situations, it's in your interest for
everyone else to practice good hygiene.

In this particular case, the issuers were *very* wary
of providing credit card transactions over the Internet
without some sort of encryption. So, SSL is what enables
you to do e-commerce on the net. That seems like a large
subjective good.

> > Actually, I think that SSL has the right model for the application
> > it's intended for. SSH has the right model for the application it
> > was intended for. Horses for courses.
> 
> Plenty of room for future discussion then :-)
> 
> (I sense your pain though - I see from the SHTTP
> experiences, you've been through the mill. 
Vis-à-vis SHTTP, I'm not sure if that was the right design
or SSL was. However, they had relatively similar threat models.

> I'm almost convinced that WEP is a failure, but
> I think it retains some residual value.
I agree. After all, I occasionally come upon a network I'd
like to use and WEP stops me cause I'm too lazy. On the other
hand, MAC restrictions would have done just as well for that.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List