[Cryptography] On the Impending Crypto Monoculture

Ray Dillinger bear at sonic.net
Thu Mar 24 20:47:23 EDT 2016



On 03/24/2016 04:55 PM, Brian Gladman wrote:

> I certainly agree the standardisation committees involved in
> cryptographic and related protocols often produce overly complex and
> convoluted designs that turn out to be fragile as a result.
> 
> But our major problems are not really with the low level primitives we
> have available, quite a few of which have proved robust in practice,
> but rather in the fact that we are designing to accommodate too many
> options for each primitive at each level in our protocols and too many
> protocols that do essentially the same job in different ways.
> 
> I can hence see why the IETF would embark on a round of protocol
> rationalisation, including an effort to reduce the number of primitives
> involved.  But it seems to me very odd to discard a range of primitives
> that have proved to be robust and reliable in real use (AES, DH, ...).

If you are eliminating the fragility and brittleness that has attended
protocols for determining which thing to use and in which form and at
what key length, etc, you wind up eliminating things from most
protocols.  If you're eliminating things from most protocols it
behooves you to eliminate the same things from all of those protocols,
so as to leave fewer places for bugs or sabotage to hide.

You can argue about which things to eliminate, or claim that DJB made
the wrong choices about it. But that is the slippery slope that leads
to design by committee - so far an unmitigated disaster for security.

				Bear
