[Cryptography] [cryptography] Is it time for a revolution to replace TLS?

Phillip Hallam-Baker phill at hallambaker.com
Sat May 17 13:24:11 EDT 2014


On Sat, May 17, 2014 at 10:06 AM, Salz, Rich <rsalz at akamai.com> wrote:
>> One problem that occurred with TLS was that there was an assumption that the job was to secure the reliable stream connection mechanics of TCP.  False assumption.
>
> Not false, that was a design goal.  Make HTTP, which is a TCP protocol, "secure" (for some definition of secure which isn't relevant right now, actually).

Well, they were thinking more generally; they wanted to secure other
protocols like NNTP.


>> A second problem was that the design was too intertwined with commercial PKI so certs were hung on the side as a millstone for server authentication
>
> SSL was invented to enable electronic commerce, and the concern was that people would have to feel comfortable that they were sending their credit card information to Sears, not Sores. So server-side authentication, in the form of trusted third parties, was felt to be the best way forward. So RSA with certificates was the answer, and IIRC RSA got a piece of Netscape equity in exchange for a license.

The design goal was to make shopping online as secure as shopping in
person. Which did not mean eliminating all risk, the goal was to
reduce the risk to the point that the insurance surcharge on credit
card transactions covered the losses.

And that enabled electronic commerce which has added about a trillion
dollars to annual GDP. Which is a pretty good result.


>> Pretty much nobody uses streams by design, they use datagrams.
>
> Except for the web, yeah, nobody.

Well, EKR and I were proposing to add security at the message
layer (S-HTTP, SHEN). Which is a scheme I have resurrected recently
because with Web services TLS is not really a good fit for client
authentication because a Web service transaction often has endpoints
that are not the TLS transaction endpoints.

These days of course the main impact of that early work is in patent
lawsuit defenses.


>> TLS does the job so badly that using a different method is just as plausible.
>
> Except for the web deployed base, sure.

I don't think we will ever want to abandon security at the
transport layer. But supplementing it at the message layer makes a lot
of sense.

Twenty years ago we barely had the CPU to do RSA1024. We had to make a
choice between layers. Today we should be doing multiple layer
security. Transport AND Message layer.
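
The message above argues that a Web service transaction often ends somewhere other than where TLS ends. The sketch below is an added example, not part of the original message and not S-HTTP or SHEN: it models a TLS-terminating gateway as a plain function and uses an HMAC as the message-layer check, so the origin authenticates the client from the message itself. The shared key, field names and gateway functions are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Constructed key, shared by client and origin only; the gateway never holds it.
CLIENT_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(request: dict) -> bytes:
    """Deterministic byte encoding of the fields the MAC covers."""
    covered = {k: request[k] for k in ("client", "method", "path", "body")}
    return json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()


def client_send(client: str, method: str, path: str, body: str) -> dict:
    """Client side: build the request and attach a message-layer MAC."""
    request = {"client": client, "method": method, "path": path, "body": body}
    request["mac"] = hmac.new(CLIENT_KEY, canonical(request), hashlib.sha256).hexdigest()
    return request


def honest_gateway(request: dict) -> dict:
    """TLS terminates here: the gateway sees plaintext and re-sends it unchanged."""
    return dict(request)


def tampering_gateway(request: dict) -> dict:
    """Same position in the path, but the body is altered after TLS has ended."""
    forwarded = dict(request)
    forwarded["body"] = forwarded["body"].replace("10", "9000")
    return forwarded


def origin_accepts(request: dict) -> bool:
    """Origin side: authenticate the client from the message, not the TLS peer."""
    try:
        expected = hmac.new(CLIENT_KEY, canonical(request), hashlib.sha256).hexdigest()
    except KeyError:
        return False  # a covered field is missing
    return hmac.compare_digest(expected.encode(), str(request.get("mac", "")).encode())


if __name__ == "__main__":
    msg = client_send("alice", "POST", "/transfer", '{"amount": 10}')
    print("via honest gateway:   ", origin_accepts(honest_gateway(msg)))
    print("via tampering gateway:", origin_accepts(tampering_gateway(msg)))
```

The MAC here covers integrity and client identity only; it carries no timestamp or nonce, so a replayed message would still verify.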

