This post originated from an RSS feed registered with .NET Buzz
by Peter G Provost.
Original Post: The Myth of SSL Security
Feed Title: Peter Provost's Geek Noise
Feed URL: /error.aspx?aspxerrorpath=/Rss.aspx
Feed Description: Technology news, development articles, Microsoft .NET, and other stuff...
I was having a discussion with a colleague the other day, and they made ite very clear
that we had to have SSL on this portal server that we were about
to roll out.
"Why?" I asked.
"Because it needs to be secure," he replied.
At that point my mouth started flapping on about why I think SSL is a bunch of crap.
Needless to say, I got ignored. (It turns out that the real answer wasn't that it
needed to be secure, but that the clients who will be using it need the illusion that
it is secure.)
And then this morning I find this
article mentioned on BoingBoing.net. In it
Ian Grigg reviews the documented threat model of SSL as described in SSL
& TLS by Eric Rescorla. The original threat model for SSL was that the
end points (the server and client machines) are secure but the circuit between them
is insecure. Ian asserts that this is backwards, the boxes are insecure and the circuit
is fine.
I agree.
I won't go into a lot of detail here as Ian has done a wonderful job himself, but
everyone who recommends technology to other people should read this.
Don't assume that because you have a little padlock on your browser's status bar that
you are safe. Understand what is really going on.