[Cryptography] a question on consensus over algorithmic agility

Peter Fairbrother zenadsl6186 at zen.co.uk
Fri Jun 27 13:53:21 EDT 2014


On 27/06/14 17:42, Viktor Dukhovni wrote:
> On Fri, Jun 27, 2014 at 02:32:06PM +0100, Peter Fairbrother wrote:
>
>> But who decides when to stop using an algorithm suite?  The luser client?
>> The boss server?
>
> When a server no longer offers an algorithm, if the protocol involves
> negotiation, then clients will negotiate some other shared algorithm
> or fail.
>
> When a client no longer offers an algorithm, if the protocol involves
> negotiation, then servers will negotiate some other shared algorithm
> or fail.
>
> When algorithms are ranked by preference, those shared algorithms
> ranked most preferable by whichever party selects the preference
> ranking will be selected ahead of those ranked least preferable.
>
> On either the server or client (if not a fixed-function black-box)
> adjustments to the list of algorithms supported and their ranking
> are made by the crypto library (defaults), application developer
> (further tuning for application needs) and application administrator/user
> (post-release tuning, vulnerability/interoperability work-arounds,
> cargo-cult knob twiddling, ...).
>

As I said: It's certainly not the cryptologist who decides that the use 
of a suite is insecure, and therefore disallowed.
[ Hmmm, an aside - a point of naming. We have algorithms like ciphers 
and modes - we have protocols like key establishment methods and packet 
contents, and so on - we have suites which combine algorithms with 
protocols to give something like TLS_RSA_WITH_3DES_EDE_CBC_SHA:  and we 
have something, like SSL/TLS which I don't know a good name for, which 
is maybe a metaprotocol, or even a language - any suggestions? ]
But if there is only one suite, and it's called Alice, and the crypto 
community says "Alice is broken", then the luser can install Bob and get 
an annoying notification when he can only use Alice.

And, with a bit of psychology, he will blame the servers which still use 
Alice rather than blaming Bob - and the servers will quickly change to 
using Bob.

Well, maybe.


But at least the luser will have some idea of what is going on.
{yes, we have responsibilities to the servers too. That's a different 
issue though}

-- Peter Fairbrother

As I see it, the luser (or learner user) thinks there are two standards 
of security, secure and not secure.

Under present technical circumstances, it isn't a bad idea to try and 
comply with that, as real security isn't that much harder to implement 
than intermediate or conditional or maybe or fake security.

Intermediate security has no real value today.
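The preference-ranked negotiation described in the quoted reply, and the Alice/Bob thought experiment, traced step by step in an added example that is not part of the original mail or of any real TLS stack; the party names and the suite names "Alice" and "Bob" are constructed for illustration.

```python
"""Preference-ranked suite negotiation, as described in the thread.

Each party lists the suites it still offers, most preferred first.  Whichever
party is designated to choose picks the shared suite it ranks highest; if the
lists no longer intersect the handshake fails (the "annoying notification").
"""
from dataclasses import dataclass


class NoSharedSuite(Exception):
    """Raised when client and server no longer share any suite."""


@dataclass(frozen=True)
class Party:
    name: str
    suites: tuple[str, ...]  # most preferred first

    def without(self, suite: str) -> "Party":
        """Return a copy that has stopped offering `suite` (a library/admin knob)."""
        return Party(self.name, tuple(s for s in self.suites if s != suite))


def negotiate(client: Party, server: Party, server_chooses: bool = True) -> str:
    """Select the shared suite ranked highest by the choosing party, or fail."""
    shared = [s for s in client.suites if s in server.suites]
    if not shared:
        raise NoSharedSuite(f"{client.name} offers {list(client.suites)}, "
                            f"{server.name} accepts {list(server.suites)}")
    ranking = server.suites if server_chooses else client.suites
    return min(shared, key=ranking.index)


# Constructed scenario from the thread: the only suite is "Alice", the crypto
# community declares it broken, and the user installs a client offering "Bob".
ALICE, BOB = "Alice", "Bob"


def alice_bob_scenario() -> dict[str, str]:
    """Trace the outcome at each step of the thread's thought experiment."""
    server = Party("server", (ALICE,))
    outcomes = {"before": negotiate(Party("old-client", (ALICE,)), server)}
    new_client = Party("new-client", (BOB, ALICE))  # prefers Bob, still allows Alice
    outcomes["client upgraded"] = negotiate(new_client, server)  # server only knows Alice
    strict_client = new_client.without(ALICE)  # user refuses the broken suite
    try:
        outcomes["client dropped Alice"] = negotiate(strict_client, server)
    except NoSharedSuite:
        outcomes["client dropped Alice"] = "FAIL: notify user"
    upgraded_server = Party("server", (BOB, ALICE))
    outcomes["server upgraded"] = negotiate(strict_client, upgraded_server)
    return outcomes
```

Until the client actually stops offering Alice, a server that only knows Alice keeps getting it; the failure, not the preference order, is what forces the server operator's hand.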