SSL's threat model

Eric Rescorla ekr at rtfm.com
Sat Sep 6 14:30:35 EDT 2003


Ian Grigg <iang at systemics.com> writes:
> Does anyone have any pointers to the SSL threat model?
> 
> I have Eric Rescorla's book and slides talking about the
> Internet threat model.
> 
> The TLS RFC (http://www.faqs.org/rfcs/rfc2246.html) says
> nothing about threat models that I found.
Yeah.  You can kind of infer it from the security analysis at
the end, but I agree it's not optimal. It's important to
remember that the guy who originally designed SSL (Kipp Hickman)
wasn't a security guy and doesn't seem to really have had
a threat model in mind.
 
When I write about it, I generally try to summarize what I think
the implicit threat model is based on my memory of the zeitgeist
at the time and the characteristics of SSL.

-Ekr

-- 
[Eric Rescorla                                   ekr at rtfm.com]
                http://www.rtfm.com/

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
