[Cryptography] "we need to protect [our dox] by at least encrypting them"

Michael Kjörling michael at kjorling.se
Wed Nov 9 14:58:50 EST 2016


On 8 Nov 2016 10:10 +0000, from pgut001 at cs.auckland.ac.nz (Peter Gutmann):
> just following the old "anything HTTP is unsafe, anything HTTPS is
> safe" that hasn't done anything to stop phishing, malware, or any of
> the other fun stuff on the web.

That line of reasoning is brought up time and again here. Let me ask
just one _totally honest_ question: Was SSL ever designed to protect
against such threats? (Not "sold as a way to", but "designed to".) Yes
or no? If yes, then since when?

Because if it wasn't, the above seems to me to be somewhat akin to
blaming window manufacturers because someone can take a chainsaw or a
sledgehammer to a wooden door and enter a house that way, despite the
fact that the family pet is properly cared for.

That's not to say that the threats you list are irrelevant, and that
they should be ignored in today's world; only that we can't expect
some technology to, except perhaps by pure chance, solve a problem
that _it was never even designed to solve_.

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)

