[Cryptography] Crypto Standards v.s. Engineering habits - Was: NIST about to weaken SHA3?
David Mercer
radix42 at gmail.com
Thu Oct 10 23:33:55 EDT 2013
On Thursday, October 10, 2013, Salz, Rich wrote:
> > TLS was designed to support multiple ciphersuites. Unfortunately this
> opened the door
> > to downgrade attacks, and transitioning to protocol versions that
> wouldn't do this was nontrivial.
> > The ciphersuites included all shared certain misfeatures, leading to the
> current situation.
>
> On the other hand, negotiation let us deploy it in places where
> full-strength cryptography is/was regulated.
>
> Sometimes half a loaf is better than nothing.
The last time various SSL/TLS ciphersuites needed to be removed from
webserver configurations when I managed a datacenter some years ago led to
the following 'failure modes', either from the user's browser now warning
or refusing to connect to a server using an insecure cipher suite, or when
the only cipher suites used by a server weren't supported by an old browser
(or both at once):
1) for sites that had low barriers to switching, loss of traffic/customers
to sites that didn't drop the insecure ciphersuites
2) for sites that are harder to leave (your bank, google/facebook level
sticky public ones [less common]), large increases in calls to support,
with large costs for the business. Non-PCI compliant businesses taking CC
payments are generally so insecure that customers that fled to them really
are uppung their chances of suffering fraud.
In both cases you have a net decrease of security and an increase of fraud
and financial loss.
So in some cases anything less than a whole loaf, which you can't guarantee
for N years of time, isn't 'good enough.' In other words, we are screwed no
matter what.
-David Mercer
--
David Mercer - http://dmercer.tumblr.com
IM: AIM: MathHippy Yahoo/MSN: n0tmusic
Facebook/Twitter/Google+/Linkedin: radix42
FAX: +1-801-877-4351 - BlackBerry PIN: 332004F7
PGP Public Key: http://davidmercer.nfshost.com/radix42.pubkey.txt
Fingerprint: A24F 5816 2B08 5B37 5096 9F52 B182 3349 0F23 225B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20131011/c38237ed/attachment.html>
More information about the cryptography
mailing list