Gunnar Peterson, responding to my posts on REST, says we cannot punt on message-level security. He cites 3 security breaches as evidence that the “the 1995 security model” of “firewall, SSL, and a prayer” won’t cut it. However, I don’t believe that any of these breaches would have been thwarted by message-level security. In the first “an intruder hacked into a TJC Companies’ database,” the 2nd was a stolen file (whether physical or due to a login, I don’t know), and the 3rd was a phishing attack. I don’t see how encryption at the message-level would help in these scenarios. I’m not a computer security expert, but it seems to me that bad logins, physical loss (i.e., stolen laptops), and phishing account for the vast majority of security breaches. At the targeted assault level you have SQL injection and buffer overflows and rootkits. I’ve never heard of an actual man-in-the-middle security breach at the SSL/HTTPS level (feel free to enlighten me).
I’ll reiterate my main point: KISS approaches work well enough for companies like Google, Amazon, and Apple/iTunes to transact billions of dollars in commerce. WS-Security, with its encryption-scheme-independent tokens and trust relationships, etc.: I just don’t see the utility. I certainly see the complexity. Of course, the complexity is generally mitigated within a single vendor’s stack, but interop is actually the “big promise” that started this whole Web Services thing and is much more a real-world issue than the supposed flaws of Internet protocols.
The only scenario that I can think of where I would not trust SSL/HTTPS at the message-level are actual wire transfers. And I think the people who program bank transfers have already figured out a way that works. (Very rapidly, but one penny at a time, as numerous people pointed out in response to my “Top 10 Things I’ve Learned About Computers From The Movies” post.)