<div dir="ltr"><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 6, 2016 at 10:47 PM, Ron Garret <span dir="ltr"><<a href="mailto:ron@flownet.com" target="_blank">ron@flownet.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
On Jul 6, 2016, at 9:47 AM, Stephan Neuhaus <<a href="mailto:stephan.neuhaus@zhaw.ch">stephan.neuhaus@zhaw.ch</a>> wrote:<br>
<br>
> On 2016-06-23 06:33, Phillip Hallam-Baker wrote:<br>
>><br>
>> Some of the points I am planning to make are: [...]<br>
>><br>
>> * Complexity is the enemy of security.<br>
><br>
> Depending on what you mean by that, the evidence for this is pretty thin.<br>
<br>
</span>The evidence may be thin, but the argument seems compelling to me: the more complex a system is, the more possible places there are for vulnerabilities to hide.<br></blockquote><div><br></div><div><div class="gmail_default" style="font-size:small;display:inline">The more complex you make the system, the more time you will spend analyzing it and the less complete your analysis will be. So learning to simplify without loss of functionality is critical.</div></div><div><div class="gmail_default" style="font-size:small;display:inline"><br></div></div><div><div class="gmail_default" style="font-size:small;display:inline">But you also have to watch the problem of complexity through over simplification which is how PKIX got in such a mess. Instead of having one mechanism to do a job, people bleated 'keep it simple' and so each mechanism was not quite powerful enough to do the job intended. And so instead of one mechanism covering CRLs and OCSP we ended up with two and then SCVP and many variations thereon.</div> </div><div><br></div><div><div class="gmail_default" style="font-size:small">And of course the people who bleated 'keep it simple' the loudest then went and invented policy constraints.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Another example of false simplicity is attempting to reuse a tool that isn't designed for the task. The use of PKIX certificates as a delegation mechanism for BGP security is utterly nuts. Just give each RIR a cert and they sign their list of BGP assignments once a day.</div><br></div></div></div></div>