W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2012

Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 13 Apr 2012 18:15:31 +1200
Message-ID: <4F87C483.2080402@treenet.co.nz>
To: ietf-http-wg@w3.org
On 7/04/2012 4:02 a.m., William Chan (ι™ˆζ™Ίζ˜Œ) wrote:
> I don't like this analogy. Humans have basic immune defenses. In most 
> places, we put locks on public facing doors. We send mail in sealed 
> envelopes. Yet we send almost all our browsing traffic in the clear. 
> Come on guys.
>
> And it's not like there aren't enough organizations out there trying 
> to break SSL already. I think they're already pretty motivated.

I think its a great analogy. Door locks are themselves a bygone security 
technology that was top of the line once and got broadly deployed, even 
there its still "most places" with patchy lock coverage in "legacy" 
country areas and postcards. The result, lock picks as sophisticated as 
rammers.

No use trying a lock pick against a bank safe though, or using an RFID 
scanner against a country hick with barred windows. Variation and 
appropriate application is the backbone of real security. We just need 
to keep that in mind when thinking of rolling TLS into everywhere.

AYJ
Received on Friday, 13 April 2012 06:16:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:52:00 GMT