- From: Michael Warner <m.warner@trl.telstra.com.au>
- Date: Fri, 11 Oct 1996 11:57:00 +1000
- To: tomw@netscape.com
- Cc: ietf-tls@w3.org
> The lack of a general extension mechanism in SSL v3 is a feature, not a
> bug. This is a security protocol, and so susceptibility to analysis is
> a good thing. Simplicity and rigidity are features here. SSL does
> provide for forwards compatibility by allowing version negotiation and
> protection from version rollback attacks.

I must take exception here - not with the advantages of making security protocols easy to analyse, but with the implicit assertion that SSL - and in particular the RSA-based authentication/key exchange - is easily analysed.

As presented in the current RFC, SSL v3 is just about the most complex security protocol I have ever looked at. In particular, determining whether it is vulnerable to "man in the middle" attacks is extremely difficult - I'm still not entirely sure whether it is for cases where the server has no certificate. The combination of hashing mechanisms and the way in which they are used make it virtually impossible to determine the effects of any properties (including weaknesses) inherent in the actual algorithms.

I would very much like to see SSL support different (and simpler) authentication mechanisms. Many have already been standardised - X.509 being a notable example.

Sorry for the rant, but I just couldn't let this one go by...

Cheers,
Michael Warner
Telstra Research Labs
Received on Thursday, 10 October 1996 22:25:01 UTC