Monoculture
Eric Rescorla
ekr at rtfm.com
Wed Oct 1 11:53:39 EDT 2003
Don Davis <don at mit.edu> writes:
> EKR writes:
> > I'm trying to figure out why you want to invent a new authentication
> > protocol rather than just going back to the literature ...
>
> there's another rationale my clients often give for
> wanting a new security system, instead of the off-
> the-shelf standbys: IPSec, SSL, Kerberos, and the
> XML security specs are seen as too heavyweight for
> some applications. the developer doesn't want to
> shoehorn these systems' bulk and extra flexibility
> into their applications, because most applications
> don't need most of the flexibility offered by these
> systems.
I hear this a lot, but I think that Perry nailed it earlier. SSL, for
instance, is about as simple as we know how to make a protocol that
does what it does. The two things that are generally cited as being
sources of complexity are:
(1) Negotiation.
(2) Certificates.
Negotiation doesn't really add that much protocol complexity,
and certificates are kind of the price of admission if you want
third party authentication.
> some shops experiment with the idea of using only
> part of OpenSSL, but stripping unused stuff out of
> each new release of OpenSSL is a maintenance hassle.
But here's you're talking about something different, which is
OpenSSL. Most of the OpenSSL complexity isn't actually in
SSL.
The way I see it, there are basically four options:
(1) Use OpenSSL (or whatever) as-is.
(2) Strip down your toolkit but keep using SSL.
(3) Write your own toolkit that implements a stripped down subset
of SSL (e.g. self-signed certs or anonymous DH).
(4) Design your own protocol and then implement it.
Since SSL without certificates is about as simple as a stream
security protocol can be, I don't see that (4) holds much of
an advantage over (3)
-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list