> The TLS protocol did not fail, what failed is the X.509v3 protocol where
> algorithm choices are not made by SSL users, rather the poor choices
> were made by CAs, who should have known better, and in any case have
> largely phased out MD5, with Verisign (reportedly) just one month away
> from completing their migration to SHA-1.

In other words, they chose the wrong algorithm, one that couldn't meet their security requirements.

> No, but you forget we won't agree. I don't believe that non-experts can
> come remotely close to choosing algorithms well, but they can choose from
> a menu of protocols, given a reasonable description of which protocols
> are alleged to solve which problem.
>
> TLS: channel-security
> PGP or S/MIME message-security
> AES-XTR disk encryption
> ...

Right, but we just proved that doesn't work. You can choose a secure protocol, but if it uses an underlying algorithm that doesn't meet your security requirements, you are screwed.

Nothing is wrong with SSL. Nothing is wrong with TLS. Nothing is wrong with X509v3. MD5 was the problem. A security system is only as strong as its weakest link.

If you pick the right algorithms, you only need pick protocols that aren't broken. If you pick the wrong algorithms, no protocol can save you. Protocols rarely have subtle security issues. Algorithms frequently do.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
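The practical consequence of the argument above (the protocol is fine, the CA's choice of MD5 is the weak link) is that an operator has to inventory which hash each certificate in a chain was actually signed with. The following is an added example, not code from the thread or from the OpenSSL project: it walks the outer DER structure of an X.509 certificate just far enough to read the `signatureAlgorithm` OID and classifies it as weak (MD2/MD5/SHA-1) or strong. The OID tables, the helper names, and the `fake_certificate` skeleton (a constructed stand-in whose tbsCertificate and signature are dummies, so it is not a real certificate) are assumptions of this example; the DER tag/length rules and the OID values themselves are standard.

```python
"""Read the signatureAlgorithm OID from a DER X.509 certificate and flag
weak hashes. Added example; OID tables and helper names are assumptions."""

# Signature algorithm OIDs whose hash is considered broken or deprecated.
WEAK_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10040.4.3": "dsaWithSHA1",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
}
STRONG_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
    "1.2.840.10045.4.3.3": "ecdsa-with-SHA384",
}


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:end], end


def decode_oid(raw):
    """Turn OID content octets into dotted form, e.g. 1.2.840.113549.1.1.4."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)   # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(cert_der):
    """Return the dotted OID of Certificate.signatureAlgorithm (the outer one)."""
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    _, _tbs, pos = read_tlv(cert_body, 0)          # skip tbsCertificate
    tag, alg_body, _ = read_tlv(cert_body, pos)    # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_raw, _ = read_tlv(alg_body, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid_raw)


def assess_certificate(cert_der):
    """Classify the certificate's signature hash as 'weak', 'strong' or 'unknown'."""
    oid = signature_algorithm_oid(cert_der)
    if oid in WEAK_SIGNATURE_OIDS:
        return "weak", WEAK_SIGNATURE_OIDS[oid]
    if oid in STRONG_SIGNATURE_OIDS:
        return "strong", STRONG_SIGNATURE_OIDS[oid]
    return "unknown", oid


# --- constructed test input (not a real certificate) -------------------------

def der(tag, content):
    """Encode one DER TLV, using the long length form when needed."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def encode_oid(dotted):
    """Encode a dotted OID as a DER OBJECT IDENTIFIER."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def fake_certificate(sig_oid):
    """Constructed skeleton with a dummy tbsCertificate and signature; only the
    outer Certificate structure is valid, which is all the checker reads."""
    tbs = der(0x30, der(0x02, b"\x01"))                 # stand-in tbsCertificate
    alg = der(0x30, encode_oid(sig_oid) + der(0x05, b""))  # AlgorithmIdentifier + NULL
    sig = der(0x03, b"\x00" + b"\x00" * 128)            # dummy BIT STRING (long length)
    return der(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.4", "1.2.840.113549.1.1.11"):
        print(oid, "->", assess_certificate(fake_certificate(oid)))
```

To audit a real deployment, feed `assess_certificate` every DER certificate in the chain, not just the leaf: a SHA-256 leaf hanging off an MD5-signed intermediate is exactly the weakest-link case the post describes. Note that the OID read here is the outer `signatureAlgorithm`; a mismatch with the `signature` field inside tbsCertificate is itself a red flag that a fuller parser should report.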