[Cryptography] Heartbleed and fundamental crypto programming practices

Viktor Dukhovni cryptography at dukhovni.org
Sun Apr 27 18:48:57 EDT 2014


On Sun, Apr 27, 2014 at 06:31:48PM -0400, Phillip Hallam-Baker wrote:

> From a designer standpoint I can guarantee that making TLS or DTLS
> work for an application where they are not suited is going to be
> vastly more complex than designing something that is purpose built.
> But you can imagine what the arguments are going to be like 'go with
> what we understand'. Which actually means 'I don't understand anything
> about this stuff so I want to stick with what exists'.
> 
> It's only the message packing mechanism that is a poor match to DNS. We
> can easily establish something that is essentially a shared secret
> bound to a Kerberos ticket like identifier and use that to enhance the
> messages.
>
> [...]
> 
> If we are going to encrypt packets then we need to do a key exchange
> and establish a shared secret. Once we have a shared secret, encrypt
> and authenticate is pretty much the same complexity and difficulty as
> encrypt only. Adding a MAC to a packet is not a lot of effort.

This sure looks like a sound argument for DNSCurve, which I believe
has even been field tested in shipping products.  I wish you all the
luck you can muster to persuade the working group to see the light.

-- 
	Viktor.