November 15, 2003

theory and practice of ssl

This article on the practical problems with SSL is right on the money. Not only is SSL solving the wrong problem, it's doing it poorly. The problems here aren't completely unique to SSL. All PKI-based systems (including those incorporated in WS-Security and SAML) suffer from them to greater and lesser degrees. I'm always surprised that security folks still start with X.509 certs as their primary use case. Too hard and too expensive for too little real reduction of risk.

Posted by dapkus at November 15, 2003 12:40 PM