Humorous anti-SSL PR
Anton Stiglic
astiglic at okiok.com
Thu Jul 15 16:23:12 EDT 2004
>This barely deserves mention, but is worth it for the humor:
>"Information Security Expert says SSL (Secure Socket Layer) is Nothing More
>Than a Condom that Just Protects the Pipe"
>http://www.prweb.com/releases/2004/7/prweb141248.htm
The article says
"The weaknesses of SSL implementations have been well known amongst security
professionals, but their argument has been that SSL is the best tool
currently on offer. The fact that it can be spoofed and is open to man in
the middle attacks is played down."
O.k., so if there is a vulnerability in a particular implementation there
might be a possible MITM attack. Also possible to do MITM if user doesn't
do proper verification. But I wouldn't say that SSL implementations in
general are suspect to MITM attacks.
Later in the article it is written:
"What we can be certain of is that it is not possible to have a
man-in-the-middle attack with FormsAssurity - encryption ensures that the
form has really come from the claimed web site, the form has not been
altered, and the only person that can read the information filled in on the
form is the authorized site."
O.k., so how do they achieve such assurances?
Eric's comment about condoms being effective is right, so bad analogy as
well!
--Anton
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list