Re: How secure is SSL emails?

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 07/02/04

    Date: Thu, 1 Jul 2004 22:05:21 +0000 (UTC)
    
    

    Vernon Schryver wrote:
    >David Wagner <daw-usenet@taverner.cs.berkeley.edu> wrote:
    >> * does the right thing with 4.[34]BSD derivatives and Solaris 2, but
    >> * may occasionally miss source routing options on incompatible
    >> * systems such as Linux. Their choice.
    >> [...]
    >>This illustrates some of the pitfalls of unsafe defaults and the risks
    >>of blacklisting bad options rather than whitelisting known good options.
    >
    >I disagree and say that it illustrates the pitfalls of trying to write
    >portable code, and the major dangers in trying to write portable code
    >with security implications.

    Yes, that too. The point is that enabling source routing increases
    the number of things that can go wrong in your software. It increases
    the size and complexity of your trusted computing base and thereby increases
    the likelihood of software bugs that compromise security. Taking on those
    kinds of additional risks is not prudent engineering practice.

    >Your reasoning is based on the premise that source routing is a security
    >risk without any value. Given that premise, of course you are right.

    Well, that's not quite my premise, although it is pretty close; I
    believe the benefits are small, while the risks are large and often
    underestimated. You might disagree with that assessment, and that's
    your prerogative. Still, you should recognize that the problem is more
    subtle than you seem to have acknowledged. Part of the issue is that
    the people who incur the risks (if source routing is enabled) are not
    the ones who accrue the benefits.

    You're trying to argue that everyone else should enable source routing, so
    that you run 'traceroute -G'. But why should everyone else be required
    to take on security risks with no benefit to them? If some generous
    souls want to provide that resource to the community and deal with the
    associated security risks, that's their right -- but if others don't
    want to make that tradeoff, that's also their right, too.
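
The blacklist-versus-whitelist point in the message above, as an added example that is not part of the original post or of the code it quotes. It checks an IP options buffer two ways; the function names, the 4-byte prefix layout, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { OPT_EOL = 0x00, OPT_NOP = 0x01, OPT_LSRR = 0x83, OPT_SSRR = 0x89 };

/* Denylist: reject (1) only when a source-route option is seen. `skip` is
 * the number of leading bytes the caller believes precede the first option;
 * a wrong guess or a malformed option ends the scan and the buffer is
 * accepted (fails open). */
static int denylist_rejects(const uint8_t *buf, size_t len, size_t skip)
{
    size_t i = skip;
    while (i < len) {
        uint8_t type = buf[i];
        if (type == OPT_LSRR || type == OPT_SSRR) return 1;
        if (type == OPT_EOL) break;
        if (type == OPT_NOP) { i++; continue; }
        if (i + 1 >= len || buf[i + 1] < 2) break; /* malformed length */
        i += buf[i + 1];                            /* step over option */
    }
    return 0;
}

/* Allowlist: accept (0) only when every byte is a known-good single-byte
 * option (NOP or EOL). It needs no layout assumption; anything it does not
 * recognise, including a prefix, is rejected (fails closed). */
static int allowlist_rejects(const uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != OPT_NOP && buf[i] != OPT_EOL) return 1;
    return 0;
}

/* Constructed samples: LSRR, length 7, pointer 4, one documentation address. */
static const uint8_t with_prefix[] = { 0xc6, 0x33, 0x64, 0x07, /* assumed prefix */
                                       0x83, 0x07, 0x04, 0xcb, 0x00, 0x71, 0x09, 0x00 };
static const uint8_t no_prefix[] = { 0x83, 0x07, 0x04, 0xc6, 0x33, 0x64, 0x07, 0x00 };
static const uint8_t nops_only[] = { 0x01, 0x01, 0x01, 0x00 };

int main(void)
{
    printf("prefixed layout: denylist=%d allowlist=%d\n",
           denylist_rejects(with_prefix, sizeof with_prefix, 4),
           allowlist_rejects(with_prefix, sizeof with_prefix));
    printf("no prefix:       denylist=%d allowlist=%d\n",
           denylist_rejects(no_prefix, sizeof no_prefix, 4),
           allowlist_rejects(no_prefix, sizeof no_prefix));
    return 0;
}
```

The denylist scanner, told to skip a prefix that is not there, lands inside the option body and walks off the end without seeing the LSRR type byte; the allowlist rejects both layouts and accepts only the NOP/EOL buffer.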

