The Artima Developer Community
Sponsored Link

.NET Buzz Forum
The Myth of SSL Security

0 replies on 1 page.

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 0 replies on 1 page
Peter G Provost

Posts: 849
Nickname: pprovost
Registered: Aug, 2003

Peter G Provost is a Solution Architect for Interlink Group in Denver, CO.
The Myth of SSL Security Posted: Oct 21, 2003 9:35 AM
Reply to this message Reply

This post originated from an RSS feed registered with .NET Buzz by Peter G Provost.
Original Post: The Myth of SSL Security
Feed Title: Peter Provost's Geek Noise
Feed URL: /error.aspx?aspxerrorpath=/Rss.aspx
Feed Description: Technology news, development articles, Microsoft .NET, and other stuff...
Latest .NET Buzz Posts
Latest .NET Buzz Posts by Peter G Provost
Latest Posts From Peter Provost's Geek Noise

Advertisement

I was having a discussion with a colleague the other day, and they made ite very clear that we had to have SSL on this portal server that we were about to roll out.

"Why?" I asked.

"Because it needs to be secure," he replied.

At that point my mouth started flapping on about why I think SSL is a bunch of crap. Needless to say, I got ignored. (It turns out that the real answer wasn't that it needed to be secure, but that the clients who will be using it need the illusion that it is secure.)

And then this morning I find this article mentioned on BoingBoing.net. In it Ian Grigg reviews the documented threat model of SSL as described in SSL & TLS by Eric Rescorla. The original threat model for SSL was that the end points (the server and client machines) are secure but the circuit between them is insecure. Ian asserts that this is backwards, the boxes are insecure and the circuit is fine.

I agree.

I won't go into a lot of detail here as Ian has done a wonderful job himself, but everyone who recommends technology to other people should read this.

Don't assume that because you have a little padlock on your browser's status bar that you are safe. Understand what is really going on.

Read: The Myth of SSL Security

Topic: MSBuild talk at PDC Previous Topic   Next Topic Topic: Career crossroads

Sponsored Links



Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use