[Cryptography] a question on consensus over algorithmic agility

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Thu Jun 26 10:35:57 EDT 2014


On 06/25/2014 05:01 PM, ianG wrote:
> My question in 2 parts, purely to measure *consensus in this group* as
> opposed to the IETF group:
>
>
>       1.  Do you believe that in the general case for the security of the
> net, (a) security protocols MUST be agile w.r.t. cryptography ciphers?
> OR, in the negative, no, protocols may set one cipher and stick with it.

I think you're screwed either way.  In the case that you stick with a 
single cipher, you're screwed if it gets broken; and in the second case, 
you're screwed because you can't do (or in any case, to my knowledge no 
one has done) a secure failover from one supported (but broken) cipher 
to another.

>       2.  Do you believe in the specific case of an opportunistic,
> dynamic, transparent upgrade inside TCP to an (e.g.,) anonymous DH
> protected secret key protocol, that, the ciphers must be agile?  OR, in
> the negative, no, that particular protocol can insist on only one and be
> done with it.

It's opportunistic, right?  That means that data is opportunistically 
encrypted that would otherwise have been sent in the clear.  In that 
case, I'd go for the vastly easier-to-implement single-cipher solution. 
Because it doesn't matter if the cipher is broken.  There was never 
any expectation of confidentiality.

Fun,

Stephan
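The failover problem Stephan describes, as an added illustration that is not part of the original post or of any real protocol: a toy cipher-suite negotiation in which an active attacker strips the client's offer down to one suite. Everything here is constructed for illustration; the suite names, the message shapes, and the rule that "a broken suite lets the attacker recover the session key" are assumptions of the model, and SHARED_SECRET stands in for whatever the real key exchange produces. The model shows why adding a transcript MAC (TLS Finished style) is not by itself a "secure failover": it catches a downgrade to a weaker-but-sound suite, yet a downgrade to the suite whose break lets the attacker derive the key goes undetected, because the attacker can forge the very MAC meant to detect it.

```python
"""Toy cipher-suite negotiation with an active downgrade attacker.

Added example, not from the original post.  Suite names, message shapes and
the "attacker learns the key when the broken suite is chosen" rule are all
constructed for illustration.
"""
import hashlib
import hmac

STRONG = "AEAD-STRONG"      # current recommended suite (constructed name)
LEGACY = "AEAD-LEGACY"      # weaker but still sound (constructed name)
BROKEN = "CIPHER-BROKEN"    # kept for compatibility; attacker can break it
PREFERENCE = [STRONG, LEGACY, BROKEN]   # strongest first
BROKEN_CIPHERS = {BROKEN}
# Stand-in for the output of the (unauthenticated) key exchange.
SHARED_SECRET = b"constructed shared secret"


def server_select(offered):
    """Server picks the highest-preference suite that the client offered."""
    for suite in PREFERENCE:
        if suite in offered:
            return suite
    raise ValueError("no common cipher suite")


def derive_key(suite, shared_secret):
    """Session key bound to the negotiated suite (toy KDF, not a real one)."""
    return hashlib.sha256(suite.encode() + b"|" + shared_secret).digest()


def transcript_mac(key, transcript):
    """MAC over one party's view of the handshake (TLS Finished style)."""
    return hmac.new(key, repr(transcript).encode(), hashlib.sha256).digest()


def downgrade_to(target):
    """MITM that rewrites the client's offer so only `target` remains."""
    def rewrite(offer):
        return [s for s in offer if s == target]
    return rewrite


def negotiate(client_offer, attacker=None, authenticate=True):
    """Run one handshake; returns (chosen_suite, client_accepts).

    authenticate=False: the client accepts whatever the server chose.
    authenticate=True : the server MACs *its* transcript view, the client
    checks it against *its own* view, so a rewritten offer is normally
    detected.  If the negotiated suite is broken, the attacker is modelled as
    recovering the session key and re-computing the MAC over the client's view.
    """
    offer = list(client_offer)
    client_view = [("client_hello", tuple(offer))]
    wire_offer = attacker(offer) if attacker else offer     # what the server sees
    server_view = [("client_hello", tuple(wire_offer))]

    chosen = server_select(wire_offer)
    client_view.append(("server_hello", chosen))           # server_hello passes untouched
    server_view.append(("server_hello", chosen))
    if not authenticate:
        return chosen, True

    key = derive_key(chosen, SHARED_SECRET)    # both honest parties derive this
    finished = transcript_mac(key, server_view)
    if attacker and chosen in BROKEN_CIPHERS:
        # Model of the break: the attacker recovers `key` and forges a
        # Finished that matches the transcript the client actually saw.
        finished = transcript_mac(key, client_view)
    client_accepts = hmac.compare_digest(finished, transcript_mac(key, client_view))
    return chosen, client_accepts


if __name__ == "__main__":
    offer = [STRONG, LEGACY, BROKEN]
    print(negotiate(offer))                                           # (STRONG, True)
    print(negotiate(offer, downgrade_to(LEGACY), authenticate=False)) # (LEGACY, True)
    print(negotiate(offer, downgrade_to(LEGACY)))                     # (LEGACY, False)
    print(negotiate(offer, downgrade_to(BROKEN)))                     # (BROKEN, True)
```

The last two runs are the point of the model: the same transcript check that rejects a downgrade to LEGACY accepts a downgrade to BROKEN, because the check's own security rests on the suite the attacker just forced. Keeping a broken suite in the offer list "for compatibility" is therefore not a neutral choice, whatever the negotiation layer does.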

