Leaving small holes unplugged
Nick Szabo:
“Often the protocol designer can’t figure out how to fix a vulnerability. If the attack one needs a trusted third party to protect against is not a serious real-world threat in the context of the application the designer is trying to secure, it is better to simply leave the small hole unplugged than to assign the task to a trusted third party. In the case of public key cryptography, for example, protocol designers haven’t figured out how to prevent a "man-in-the-middle” (MITM) attack during the initial key exchange. SSL tried to prevent this by requiring CAs as trusted third parties, as described above, and this solution cost the web community billions of dollars in certificate fees and lost opportunities to secure communications. SSH, on the other hand, decided to simply leave this small hole unplugged. The MITM hole has, to the best of my knowledge, never even once been exploited to compromise the privacy of an SSH user, yet SSH is far more widely used to protect privacy than SSL, at a tiny fraction of the cost. This economical approach to security has been looked at at greater length by Ian Grigg.“