More info in my AES128-CBC question
Paul Hoffman
paul.hoffman at vpnc.org
Sun Apr 22 14:53:46 EDT 2007
At 2:04 PM -0700 4/21/07, David Wagner wrote:
>Hagai Bar-El writes:
>>What Aram wrote is "many of the attendees have very little security
>>experience", not: "there are no attendees with security experience".
>>There are people at the relevant OMA group who know enough about
>>security, but just like in the real world -- they are outnumbered by
>>plain "feature-set" people, and thus have to come up with very clear
>>arguments to get their way.
>
>So the people who don't know anything about security are reluctant to
>listen to those who do? That's not a good sign. It may be standard
>operating procedure in groups like this, but that doesn't make it right.
>It's still dysfunctional and dangerrous. If the committee doesn't have
>a commitment to security and is reluctant to listen to the experts,
>that's a risk factor.
In a typical standards-setting environment, non-security people are
usually only willing to listen to security people up to a certain
threshold. There are three normal scenarios:
- A security person proposes a good way to do security for the
proposed protocol. A non-security person says (incorrectly) "I heard
that doesn't work". The security person argues that it does work
here, and the non-security person, not wanting to look foolish, digs
in his heels. People get bored of hearing an argument they don't
understand and make an arbitrary decision.
- A non-security person proposes a bad way to do security for the
proposed protocol. A security person explains why that is insecure.
The non-security person argues (sometimes correctly) that they did it
in this other protocol so we should copy that, and the security
person tries to explain why this is bad security. People get bored of
hearing an argument they don't understand and make an arbitrary
decision.
- A security person proposes two different ways to do security for
the proposed protocol. The second is significantly faster than the
first, but has worse security properties. People say "the first is
good enough for our scenario" and pick it, often not even bothering
to document the diminished security properties.
FWIW, this can happen when designing pure security protocols,
swapping "non-security person" with "security novice" or "security
tourist" or "security hobbiest" or "security poser".
>So why do people with no training in security think
>that they can freely ignore the advice of security professionals without
>any negative consequences?
Because doing so can get things finished earlier and/or make a more
efficient protocol.
Same as it ever was.
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list