Bugtraq mailing list archives
Re: "The End of SSL and SSH?"
From: Adrian Close <adrian () ESEC COM AU>
Date: Fri, 22 Dec 2000 12:54:43 +1100
On Wed, 20 Dec 2000, Kurt Seifried wrote:
The main point of the article was to let people know that SSL and SSH are far from perfect, in fact I think they are pretty poor because they rely so heavily on the end user (usually the weakest link). This
* Security fundamentally relies on people, not technology. The technology is a means to an end. No amount of security software (SSL, SSH, DNSSEC, PKI or whatever) is going to help if the people involved don't take on security conscious behaviours. Conversely, used appropriately, these tools are excellent aids to implementing effective network security. This is almost certainly not news to anyone on the list, but probably worth pointing out at this juncture. I also think it's worth preaching to the unsuspecting public so they might have a chance of achieving some reasonable level of security. Adrian Close email: adrian () esec com au Network Architect phone: +61 3 8371 5300 eSec Limited fax: +61 3 8371 5399 "Protecting your e-business..." web: http://www.esec.com.au
Current thread:
- Re: "The End of SSL and SSH?", (continued)
- Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
- Re: "The End of SSL and SSH?" Damien Miller (Dec 21)
- Re: "The End of SSL and SSH?" Ryan Russell (Dec 21)
- Re: "The End of SSL and SSH?" Michael H. Warfield (Dec 20)
- Re: "The End of SSL and SSH?" Alfred Perlstein (Dec 20)
- Re: "The End of SSL and SSH?" Perry E. Metzger (Dec 21)
- Re: "The End of SSL and SSH?" Kurt Seifried (Dec 21)
- Re: "The End of SSL and SSH?" Eric Rescorla (Dec 21)
- Re: "The End of SSL and SSH?" Samuele Giovanni Tonon (Dec 21)
- Re: "The End of SSL and SSH?" - mongo followup Kurt Seifried (Dec 24)
- Re: "The End of SSL and SSH?" Adrian Close (Dec 22)
- Re: "The End of SSL and SSH?" Martin Rex (Dec 21)
- Re: "The End of SSL and SSH?" Darren Reed (Dec 21)
- Re: "The End of SSL and SSH?" Klaus Moeller (Dec 22)
- Re: "The End of SSL and SSH?" Adam Shostack (Dec 21)