[Cryptography] a question on consensus over algorithmic agility

ianG iang at iang.org
Wed Jun 25 16:49:10 EDT 2014


On 25/06/2014 19:50 pm, Zooko Wilcox-OHearn wrote:
> I think you should be careful not to conflate cipher-agility with
> protocol upgrade-ability. A false alternative would be to say that we
> have to choose one of these two choices:
> 
> 1. SSL-style cipher-agility
> 
> 2. MyTransportProtocol circa 2014 will come with AES, and then it will
> be impossible for any future deployment of MyTransportProtocol to use
> any other cipher than AES.
> 
> Note that if (2) were true, that would also imply that it is
> impossible for any future deployment of MyTransportProtocol to change
> anything *else* about the MyTransportProtocol protocol, either.


That'd be FIPS version of the One True Transport Protocol, yes ;-)


> Instead, I think the omitted third alternative is the best one:
> 
> 3. MyTransportProtocol circa 2014 will come with AES, and AES alone,
> and it will have sufficient unambiguous versioning indicators that it
> will be possible to deploy new versions of MyTransportProtocol in the
> future that may come with a different cipher.


Your third alternative is exactly spot on.  My intent is to allow any
algorithm choice to occur only at the upgrade from vN to vN+1.

I think it impossible to get away from version upgrading... So it
becomes the upgrade of last resort.

Philosophically, however, I think it is necessary to get people to
accept that algorithm agility is not a MUST within the context of
MyTransportProtocol(2014), in the absolutist sense that IETF sees it
right now;  before moving on to the dynamic consideration of version
upgrading.

I'm also thinking that IETF is locked in a mindset, and those that have
seen the light simply don't go anywhere near the place.  So if we can
show an external picture that is different, it might get some more light
into the dusty dark corridors of net power.

I could be wrong, often am, happy to bat towards a 50% average in this
game...



iang
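
The third alternative quoted above (one fixed algorithm per version, selected only by an unambiguous version indicator), sketched as an added example that is not part of the original message. The frame layout, the `SUITES` table, `seal` and `open_frame` are hypothetical, and HMAC stands in for the cipher because the Python standard library has no AES.

```python
import hashlib
import hmac

# Hypothetical registry: each protocol version fixes exactly one suite.
# There is no per-connection negotiation and no algorithm identifier field.
SUITES = {
    1: hashlib.sha256,  # "v1": HMAC-SHA-256 and nothing else
    2: hashlib.sha512,  # "v2": HMAC-SHA-512 and nothing else
}


class ProtocolError(Exception):
    pass


def seal(version: int, key: bytes, payload: bytes) -> bytes:
    """Frame = version byte || payload || tag; the tag covers the version byte."""
    digest = SUITES.get(version)
    if digest is None:
        raise ProtocolError(f"unsupported version {version}")
    header = bytes([version])
    tag = hmac.new(key, header + payload, digest).digest()
    return header + payload + tag


def open_frame(key: bytes, frame: bytes, accepted=frozenset(SUITES)) -> bytes:
    """Choose the suite from the version byte alone, then authenticate."""
    if not frame:
        raise ProtocolError("empty frame")
    version = frame[0]
    # Retiring an algorithm means dropping its version from `accepted`.
    if version not in accepted or version not in SUITES:
        raise ProtocolError(f"unsupported version {version}")
    digest = SUITES[version]
    tag_len = digest().digest_size
    if len(frame) < 1 + tag_len:
        raise ProtocolError("truncated frame")
    body, tag = frame[:-tag_len], frame[-tag_len:]
    expected = hmac.new(key, body, digest).digest()
    if not hmac.compare_digest(tag, expected):
        raise ProtocolError("authentication failed")
    return body[1:]  # strip the version byte, return the payload
```

Because the version byte is inside the authenticated data, rewriting it in transit fails verification instead of silently selecting a different algorithm.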

