Monoculture

Perry E. Metzger perry at piermont.com
Tue Sep 30 17:30:37 EDT 2003


Richard Schroeppel <rcs at CS.Arizona.EDU> writes:
(Responding to the chorus of protocol professionals saying "please do
 not roll your own")
> I imagine the Plumbers & Electricians Union must have used similar
> arguments to enclose the business to themselves, and keep out unlicensed
> newcomers.  "No longer acceptable" indeed.  Too much competition, boys?

TLS, IPSec, JFK, etc. are all intellectual property free. No one gets
money if people use them. There is no union here with an incentive to
eliminate competition. No one's pay changes if someone uses TLS
instead of a roll-your-own-protocol.

> Who on this list just wrote a report on the dangers of Monoculture?

I did. Dependence on a single system is indeed a problem. However, one
must understand the nature of the problem, not diversify blindly.

Some companies are said to require that multiple high level executives
cannot ride on the same plane flight, for fear of losing too many of
them simultaneously. That is a way of avoiding certain kinds of
risk. However, I know of no company that suggests that some of those
executives fly in rickety planes that have never been safety tested
and were built by squirrels using only pine cones. That does not reduce
risk.

I have to agree with Matt Blaze, Eric Rescorla, and numerous others
who have said this before. Cryptographic algorithms and protocols are
exceptionally difficult to design properly, and you should not go
around designing something on a whim and throwing it into your
software, any more than you would invent a new drug one morning and
inject it into patients that afternoon.

There is nothing whatsoever wrong with people proposing a new protocol
or algorithm, publishing it, discussing it, etc. Indeed, TLS, AES and
all the rest started as published documents that were then subjected
to prolonged attempts to break them. If, after something has been
reviewed for some years, it then appears to have unique advantages and
no one has succeeded in attacking the protocol, it might even be fit
for use in products.

This is very, very different, however, from subjecting your users to
seat-of-the-pants designed protocols and algorithms that have had no
review whatsoever. Given that even the professionals generally screw
it up the first few times around, it is hardly surprising that the
"roll your own" attempts are almost always stunningly bad. This is
doubly so given that the protocols and algorithms used in many of
these systems don't even have a pretense of superiority over the
existing ones.

The protocols Peter Gutmann was complaining about in the message that
started this thread are, for the most part, childishly bad in spite of
the protestations of their creators. Are you arguing that it is in the
interest of most people to be using such incompetently designed
"security software"?

By the way, none of this contradicts what a number of us said in our
monoculture paper.

Perry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
