[Cryptography] "we need to protect [our dox] by at least encrypting them"

Florian Weimer fw at deneb.enyo.de
Mon Nov 7 16:41:53 EST 2016

> Here's a new data point from Wired - how long did it take the browser 
> manufacturers to respond to the bleedingly obvious failed GUI of the 
> padlock?  20 years.
> https://www.wired.com/2016/11/googles-chrome-hackers-flip-webs-security-model/
> That article is the Good, the Bad and the Ugly of security thinking. 
> Count the years - SSL and secure browsing invented in 1994, and the GUI 
> was screwed by Netscape 1.0.  Now, in 2014, a browser manufacturer 
> starts to seriously think about how to present the user a message.

I think you're missing the point.  The message at the time was that
online transactions could be made reasonably secure, so that the are
beneficial to the parties involved.  This was and is evidently true.
Back in the 90s, people weren't quite ready to believe that, so some
smart people added some cryptography nobody quite understood.  That
gave everyone the confidence they were desperate for.  That the
cryptography was broken from the start, that the X.509 standard was
completely at odds with Internet domain names (and still is today, to
some degree), that the Internet threat model was wrong even back then,
that the user interface was a mess, all that did not matter.  It
wasn't about the technical details.

More information about the cryptography mailing list