[Cryptography] upgrade mechanisms and policies

Bill Frantz frantz at pwpconsult.com
Sat Apr 11 20:38:16 EDT 2015

On 4/11/15 at 1:04 PM, huitema at huitema.net (Christian Huitema) wrote:

>We do have lots of experience with bug fixes, and part of that 
>experience is that a substantial fraction of bug fixes 
>introduce another bug.

Indeed. There was a paper published in the 1060s or 1970s which 
argued that as systems aged, the number of bugs introduced per 
bug fixed became larger. It also contend that for OS/360, the 
number of bugs introduced with each bug fix had grown to be 
larger than 1.

>Assuming that the occurrence of regressions is low enough, 
>there is always a simple fix. Instead of changing the 
>negotiation mechanism to, for example, "prefer 1.4 to 1.5," it 
>should be possible to simply "reissue 1.4 as 1.6." A bit of a 
>waste in terms of numbers, but very little engineering cost.

However, this leaves the policy decision with the standards 
group which assigns the numbers. IMHO, the policy decisions 
should be more diverse and made by people who understand the 
security requirements of the application. For example, some 
applications may place a higher priority on authentication than 
on secrecy, while others would make that tradeoff the other way. 
People closer to the application than the standards group should 
set the policy of which version to trust.

Cheers - Bill

Bill Frantz        | Re: Hardware Management Modes: | Periwinkle
(408)356-8506      | If there's a mode, there's a   | 16345 
Englewood Ave
www.pwpconsult.com | failure mode. - Jerry Leichter | Los Gatos, 
CA 95032

More information about the cryptography mailing list