[Cryptography] upgrade mechanisms and policies

Michael Kjörling michael at kjorling.se
Sat Apr 11 07:52:50 EDT 2015


On 10 Apr 2015 23:28 -0700, from frantz at pwpconsult.com (Bill Frantz):
> The only issue with only one crypto suite per version is that you
> can't assume that version n+1 is better than version n.

On what basis however can we assume that a hypothetical future TLS 1.5
will be "better" (either in some objectively measurable sense, or in
every sense) than a likewise TLS 1.4?

The above is certainly a valid argument to consider, but it falls
apart pretty quickly if we don't at the very least define what
"better" actually _means_. Newer does not necessarily mean better,
especially in the security field, and in fact something that has stood
the test of time may actually be _better_ than something entirely
newfangled.

Even just because such a hypothetical TLS 1.5 would have a larger
number of algorithms to choose from than 1.4 (in the name of backward
compatibility) that does not necessarily make it better. (Anywhere
there is mutual automated negotiation and choosing between, for some
meaning of the terms, "better" and "worse" options, there exists the
possibility of downgrade attacks like the one we have just seen,
whether in the face of implementation bugs or where the negotiation
can be disrupted.)

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
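As an added illustration of the parenthetical point about automated negotiation (this is not code from the post or from any TLS implementation), the Python model below negotiates the highest mutually supported version, shows how an on-path modification of the offered list changes the outcome, and shows that binding the offered list into a MAC keyed with a secret the third party does not hold lets the client notice the mismatch. The version names, the security ranking and all function names are constructed for the example.

```python
import hmac
import hashlib

# Constructed ranking for illustration only; not a claim about real TLS versions.
SECURITY_RANK = {"v1.2": 2, "v1.3": 3, "v1.4": 4}


def negotiate(client_offer, server_supported):
    """Plain negotiation: pick the highest-ranked version both sides support."""
    common = [v for v in client_offer if v in server_supported]
    if not common:
        raise ValueError("no common version")
    return max(common, key=SECURITY_RANK.__getitem__)


def strip_offer(offer, keep_below):
    """Model of an on-path modification of an unauthenticated offer:
    every version ranked at or above keep_below is removed before it
    reaches the server."""
    return [v for v in offer if SECURITY_RANK[v] < keep_below]


def transcript_mac(key, client_offer, chosen):
    """Bind the offer the server saw and the version it chose to a MAC under
    the shared secret (the role the TLS Finished message plays)."""
    msg = ("|".join(client_offer) + "->" + chosen).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def handshake(client_offer, server_supported, key, tamper=None):
    """Return (chosen_version, client_accepts).

    The client recomputes the MAC over what it actually offered; a handshake
    whose offer was altered in transit therefore fails verification even
    though the negotiation itself completed without error."""
    seen_by_server = tamper(client_offer) if tamper else client_offer
    chosen = negotiate(seen_by_server, server_supported)
    mac_from_server = transcript_mac(key, seen_by_server, chosen)
    expected = transcript_mac(key, client_offer, chosen)
    return chosen, hmac.compare_digest(mac_from_server, expected)
```

Without the transcript MAC the downgraded handshake is indistinguishable from a legitimate one on the client side, which is why the negotiation itself, not just the chosen algorithm, needs to be authenticated.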

