On `SSL considered harmful`, correct use of condoms and SSL abuse

Ian Grigg iang at systemics.com
Sun Jul 18 07:09:39 EDT 2004 

Amir Herzberg wrote:

(Amir, I replied to your other comments over on the
Mozilla security forum, which is presumably where they
will be more useful.  That just leaves this:)

> So while `SSL is harmful` sounds sexy, I think it is misleading. Maybe 
> `Stop SSL-Abuse!`

Ha!  I wondered when someone would take me to task over
that title :-)

Here's the thing:  the title comes from a seminal paper
called "Gotos considered harmful [1]"  This was a highly
controversial paper in the 70s or so that in no small
part helped the development of structured programming.

What the author of that paper was trying to say was not
that the Goto was bad, but its use was substantially
related to poor programming practice.

And that's the point I'm making.  The Goto is just a
tool like any other.  But, the Goto became a tool over-
deployed and widely abused, as its early and liberal
use by a programmer took no account of later maintenance
costs that were incurred by the owner of the code.  So
the Goto became synonymous with bad programming and
excessive costs.

The same situation exists with SSL/TLS.  As a protocol,
it's a fine tool.  It's strong, it's well reviewed, and
it has corrected its deficiencies over time.

But, it also comes with a wider security model.  For
starters, the CA-signed regime.  As well as that, it
comes with a variety of other baggage, which basically
amounts to "use SSL/TLS as it is recommended and you
will be secure."

Unfortunately, this is wrong, and the result is bad
security practice.  Yet, we do have a generation of
people out there believing that because they have put
huge amounts of effort into implementing SSL with
its certs regime that they are secure.

We can see this ludicrous situation with the email
and chat variants of SSL / cert protected traffic.
In those cases the result is the same:  If one
suggests that the correct approach is for them to
use SSCs (self signed certs) or equivalent, people
go all weak and wobbly at the knees and start ranting
on about how those are insecure.

Yet these same systems are totally open to attacks
at the nodes and often to the intermediate hops,
which of course is where 99% of the attacks are [2].

These programmers truly believe that in order to
get security, they must deploy SSL.  As the manual
tells them to.  They are truly wrong.  In this,
SSL has harmed them, because it has blinded them
to the real risks that they are facing.

It's not the tool that has hurt them, but as you
suggest the abuse of the tool.  Edsgar Dijkstra
called for the abolition of Gotos as the way to
address the harm he saw being done.  That solution
may offend, as the tool itself cannot have harmed.

But, how else can we stop people deploying the tool
so abusively?


iang


[1] Edsger W. Dijkstra, "Go To Statement Considered Harmful,"
http://www.acm.org/classics/oct95/

[2] Jabber's use of SSL seems to mirror STARTTLS.
They both protect the traffic on the wire, but not
at rest on the hops.  The certificate system built
into mailers (name?) at least organises an end-to-end
packet protection, thus leaving the two end nodes
as the places at most risk, still by far the most
likely place to be attacked.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list