You know, at some point we should really re-evaluate the use of SSL in our Web architectures. Let's face it, it hasn't really done much for us:
1) Users read way too much into its functional value.
2) The threat model for sensitive Web data has never been one of sniffing traffic. There are still way too many accessible websites for this to be the case.
3) If you are going to compromise some device, you might as well compromised the host and not some intermediate device.
4) The bad guys are now leveraging SSL more and more to shield their activities from good guy sniffers.
Sure, it is needed nowadays for basic authentication protection, but we really shouldn't be using userid/password pairs in clear text anyway.
On point 4, I think its also worth discussing how SSL is being used by malware. A valud cert does nothing but validate who someone is, it doesn't (at least without human intervention) decide if you should trust the person or host. Getting a valid cert is not hard and therefore installing malware over SSL and avoiding the spyware sniffers if also becoming more common.
Posted by: Mark Curphey | March 25, 2007 at 12:47 PM
@Mark - thanks for the clarification. So, does that mean you agree with me?
Posted by: Pete | March 25, 2007 at 01:48 PM
1) Agreed
2) Might the model shift without SSL?
3) Kinda confused there (not hard to do with me).
4) If you are going to have ISP's block it, then I can maybe see your argument. But if not, taking it away from the good guys does not keep bad guys from using it.
Posted by: Michael R. Farnum | March 26, 2007 at 12:41 AM