I don't mean to be rude , but the real world is a lot more brutish than Mr. Cragle thinks. Here is a link to the declassified version of the latest National Security Assessment for foreign illegal operations in the US. http://www.dss.mil/counterintel/2011...ied-trends.pdf Please note that IT technology is the number 1 target for illegal acquisition by foreign operatives. I have had access to secure systems in the US Judicial System since 1999. SSL 3.0 was broken in the Inter-Service Academy Cyber Defense Competition back before 2005 and as a consequence removed from the list of approved protocols by USCERT. Let's just say Mr Rescorla's work is 5-10 years out of date.
I don't disagree with your assertion. I am under constant attack from phishing e-mails and port scanning by China-originating IP addresses but I use appropriate countermeasures and to this day have not succumbed to these attacks. Maybe one day someone will get the better of me - there will always be subversives looking for the chink in the armor. By saying "Mr Rescorla's work is 5-10 years out of date" - are you referring to TLS 1.2? It is not clear from your statement and that is my point - it is easy to make a sweeping statement that can mean all sorts of things but without support it remains unclear and therefore meaningless.