[Cryptography] a question on consensus over algorithmic agility
Viktor Dukhovni
cryptography at dukhovni.org
Fri Jun 27 12:42:16 EDT 2014
On Fri, Jun 27, 2014 at 02:32:06PM +0100, Peter Fairbrother wrote:
> But who decides when to stop using an algorithm suite? The luser client?
> The boss server?
When a server no longer offers an algorithm, if the protocol involves
negatiation, then clients will negotiate some other shared algorithm
or fail.
When a client no longer offers an algorithm, if the protocol involves
negatiation, then servers will negotiate some other shared algorithm
or fail.
When algorithms are ranked by preference, those shared algorithms
ranked most preferable by whichever party selects the preferance
ranking will be selected ahead of those ranked least preferable.
On either the server or client (if not a fixed-function black-box)
adjustments to the list of algorithms supported and their ranking
are made by the crypto library (defaults), application developer
(further tuning for application needs) and application administrator/user
(post-release tuning, vulnerability/interoperability work-arounds,
cargo-cult knob twiddling, ...).
--
Viktor.
More information about the cryptography
mailing list