[Cryptography] a question on consensus over algorithmic agility
Peter Fairbrother
zenadsl6186 at zen.co.uk
Fri Jun 27 13:53:21 EDT 2014
On 27/06/14 17:42, Viktor Dukhovni wrote:
> On Fri, Jun 27, 2014 at 02:32:06PM +0100, Peter Fairbrother wrote:
>
>> But who decides when to stop using an algorithm suite? The luser client?
>> The boss server?
>
> When a server no longer offers an algorithm, if the protocol involves
> negotiation, then clients will negotiate some other shared algorithm
> or fail.
>
> When a client no longer offers an algorithm, if the protocol involves
> negotiation, then servers will negotiate some other shared algorithm
> or fail.
>
> When algorithms are ranked by preference, those shared algorithms
> ranked most preferable by whichever party selects the preference
> ranking will be selected ahead of those ranked least preferable.
>
> On either the server or client (if not a fixed-function black-box)
> adjustments to the list of algorithms supported and their ranking
> are made by the crypto library (defaults), application developer
> (further tuning for application needs) and application administrator/user
> (post-release tuning, vulnerability/interoperability work-arounds,
> cargo-cult knob twiddling, ...).
>
As I said: It's certainly not the cryptologist who decides that the use
of a suite is insecure, and therefore disallowed.
[ Hmmm, an aside - a point of naming. We have algorithms like ciphers
and modes - we have protocols like key establishment methods and packet
contents, and so on - we have suites which combine algorithms with
protocols to give something like TLS_RSA_WITH_3DES_EDE_CBC_SHA: and we
have something like SSL/TLS, which I don't know a good name for, which
is maybe a metaprotocol, or even a language - any suggestions? ]
But if there is only one suite, and it's called Alice, and the crypto
community says "Alice is broken", then the luser can install Bob and get
an annoying notification when he can only use Alice.
And, with a bit of psychology, he will blame the servers which still use
Alice rather than blaming Bob - and the servers will quickly change to
using Bob.
Well, maybe.
But at least the luser will have some idea of what is going on.
{yes, we have responsibilities to the servers too. That's a different
issue though}
-- Peter Fairbrother
As I see it, the luser (or learner user) thinks there are two standards
of security, secure and not secure.
Under present technical circumstances, it isn't a bad idea to try and
comply with that, as real security isn't that much harder to implement
than intermediate or conditional or maybe or fake security.
Intermediate security has no real value today.
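A toy model of the negotiation rules described in the quoted reply (drop a suite on one side, pick the highest-ranked shared suite according to whichever party sets the ranking, or fail) and of the Alice/Bob scenario in the message above. This is an added example, not code from the thread or from any TLS implementation; the peer names, the suite lists, the `server_prefers` switch and the wording of the notification are constructed assumptions.

```python
"""Toy cipher-suite negotiation with preference ranking.

Constructed example for the thread above; not any real TLS stack's logic.
"""
from __future__ import annotations

from dataclasses import dataclass


class NoSharedSuite(Exception):
    """Raised when the two offered lists have no suite in common."""


@dataclass(frozen=True)
class Peer:
    name: str
    suites: tuple[str, ...]  # suites offered, most preferred first

    def without(self, suite: str) -> Peer:
        """Copy of this peer that no longer offers `suite` (e.g. after a break)."""
        return Peer(self.name, tuple(s for s in self.suites if s != suite))

    def with_preferred(self, suite: str) -> Peer:
        """Copy of this peer that offers `suite` and ranks it first."""
        rest = tuple(s for s in self.suites if s != suite)
        return Peer(self.name, (suite,) + rest)


def negotiate(client: Peer, server: Peer, server_prefers: bool = True) -> str:
    """Return the shared suite ranked highest by whichever party sets the order.

    server_prefers=True models a server applying its own ranking; False models
    honouring the client's order. Either way the result must appear in both
    lists, otherwise negotiation fails.
    """
    ranking, other = (server, client) if server_prefers else (client, server)
    offered = set(other.suites)
    for suite in ranking.suites:
        if suite in offered:
            return suite
    raise NoSharedSuite(
        f"{client.name} offers {list(client.suites)}, "
        f"{server.name} offers {list(server.suites)}: nothing in common"
    )


def connect(client: Peer, server: Peer) -> dict:
    """Attempt a handshake and report the outcome in user-visible terms."""
    try:
        return {"ok": True, "suite": negotiate(client, server), "notice": None}
    except NoSharedSuite as err:
        # The "annoying notification": it names the server, not the suite the
        # client just installed, so the user's blame lands on the server.
        return {
            "ok": False,
            "suite": None,
            "notice": f"{server.name} only speaks suites {client.name} "
                      f"no longer allows ({err})",
        }


def alice_bob_story() -> list[dict]:
    """Replay the scenario from the post: one suite 'Alice', then 'Bob'."""
    client = Peer("luser-client", ("Alice",))
    server = Peer("boss-server", ("Alice",))
    steps = [connect(client, server)]                      # works: only Alice exists
    client = client.with_preferred("Bob").without("Alice")  # "Alice is broken"
    steps.append(connect(client, server))                  # fails: server is Alice-only
    server = server.with_preferred("Bob")                  # server adopts Bob
    steps.append(connect(client, server))                  # works on Bob
    return steps


# Constructed suite lists (names follow the TLS_..._WITH_... convention from the
# post); the two sides rank the same three suites in opposite orders.
CLIENT = Peer("client", ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                         "TLS_RSA_WITH_AES_128_CBC_SHA",
                         "TLS_RSA_WITH_3DES_EDE_CBC_SHA"))
SERVER = Peer("server", ("TLS_RSA_WITH_3DES_EDE_CBC_SHA",
                         "TLS_RSA_WITH_AES_128_CBC_SHA",
                         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"))

if __name__ == "__main__":
    print("server ranking wins:", negotiate(CLIENT, SERVER, server_prefers=True))
    print("client ranking wins:", negotiate(CLIENT, SERVER, server_prefers=False))
    print("server drops 3DES:  ",
          negotiate(CLIENT, SERVER.without("TLS_RSA_WITH_3DES_EDE_CBC_SHA")))
    for step in alice_bob_story():
        print(step)
```

Running it shows the two points the thread turns on: with the same two lists, the selected suite depends entirely on whose ranking is applied, and removing a suite from either side silently shifts the choice to the next shared one until nothing is shared, at which point the only thing left to decide is what the user gets told.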