What’s Your Business Model?…

Tim Oren comments on the history of SSL in the context of where the risks really are.

Grigg is right that if the actual threat had been analyzed, the focus would have been on the server (Willie Sutton: “That’s where the money is.”), not hypothetical packet sniffers. But that wouldn’t have created a client/server lock-in, so it didn’t fit the actual goals. Security designers – paranoids by trade – would be well advised to find an equivalently cynical business type to vet their ideas.

While we’re talking about SSL, a tip of the hat to Paul Kocher and Taher Elgamal — for doing the right things at the time.

One reply on “What’s Your Business Model?…”

The history of your threat model

Ian Grigg posted a screed about how the threats SSL is intended to counter (network eavesdropper) are not the most common threats that web users actually face (trojans, worms, and other host-based security problems). He talks about the need…
