[Cryptography] upgrade mechanisms and policies

ianG iang at iang.org
Fri Apr 10 14:50:16 EDT 2015 

On 7/04/2015 15:16 pm, John Denker wrote:
> Multiple recent threads have been very interesting, but
> incomplete and unbalanced.  It is like the old parable:
> Each person is correctly describing their favorite /part/
> of the elephant without acknowledging its relationship
> to the other guy's part ... and to other parts heretofore
> not mentioned.
>
> For crypto primitives as well as higher-level protocols,
> all-too-often we lack both /mechanism/ and /policy/ for
> outroduction (at the end of the life cycle).


(Nice neologism!  I wonder if a better spelling of that is outreduction ?)


>   *) It could be argued that in the absence of a decent
>    policy, there's no point in having a mechanism.


That is more or less what I argue.


>   *) It could be argued that in the absence of a decent
>    mechanism, there's no point in worrying about policy.
>
> Each of those arguments is technically true, but irrelevant.
> The point is, we will have to /solve the whole problem/
> eventually, including both mechanism and policy.


Right.  But we can't get to that stage until the fans of the mechanism 
realise that without a policy, the outcomes are unbalanced.


>    Suggestion #1:  This is a discussion group, not the
>    patent office.  Brainstorming is allowed.  Incomplete
>    ideas are allowed.  People are not required to
>    /solve the whole problem/ on Day One.


:)  And I think the discussion will be solved in this place, because it 
is a discussion group, with no "agenda" in mind.


>    On the other hand:  Suggestion #2:  Those who are
>    suggesting a mechanism should please acknowledge the
>    need for a policy.  If they haven't got a policy, they
>    should at least point out where a policy could be
>    plugged into their mechanism.


Yes please.  And I think that this message will eventually make its way 
into better practice in writing protocol documents.  That is, if agility 
is part of the protocol, then a policy section or reference is a MUST.


> As another way of saying the same thing:  If we don't
> like the mechanism, we should criticize the mechanism
> on its own terms, or suggest a better mechanism;  we
> should not blame the policy (or lack thereof).  Conversely,
> if we don't like the policy, we should criticize the
> policy on its own terms, or suggest a better policy;
> we should not blame the mechanism (or lack thereof).
>
> The overall job's not done until we have both mechanism
> and policy.


Concur.

> ==========================

good stuff snipped.  That's what flag days are...

> ===
>
> Do we need a plan for dealing with emergencies?  Yes,
> absolutely.  That's an important part of the elephant.
>
> The only thing better than that is /preventing/ emergencies,
> i.e. staying far far away from anything that could lead to
> an emergency.  In particular:  We should plan on replacing
> primitives and protocols /before/ we know for sure that
> they are broken.


That is an important corollary of the upgrade mechanism & policy 
principle.  Once everyone has seen how we need a holistic approach -- if 
we are to include these upgrade possibilities -- it becomes much clearer 
that probably we want to have a more planned & conscious replacement of 
the old cruft before it becomes dangerous.


> As a corollary:  We can avoid "flag day" problems by
> introducing the new thing on cycle N, then deprecating
> the old thing on cycle N+2 and outlawing it on cycle
> N+4.  This sort of well-planned transition works a lot
> better in non-emergency situations.


The "odds & evens" version replacement approach is what I think we'll 
drift to in the future, for those protocols have decided to dispense 
with the internal upgrade possibility.


iang

More information about the cryptography mailing list