[14043] in cryptography@c2.net mail archive
Re: SSL's threat model
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sat Sep 6 19:15:03 2003
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: crypto <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 06 Sep 2003 11:30:35 -0700
In-Reply-To: <3F5918DE.D565FA9F@systemics.com>
Ian Grigg <iang@systemics.com> writes:
> Does anyone have any pointers to the SSL threat model?
>
> I have Eric Rescorla's book and slides talking about the
> Internet threat model.
>
> The TLS RFC (http://www.faqs.org/rfcs/rfc2246.html) says
> nothing about threat models that I found.
Yeah. You can kind of infer it from the security analysis at
the end, but I agree it's not optimal. It's important to
remember that the guy who originally designed SSL (Kipp Hickman)
wasn't a security guy and doesn't seem to really have had
a threat model in mind.
When I write about it, I generally try to summarize what I think
the implicit threat model is based on my memory of the zeitgeist
at the time and the characteristics of SSL.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/