[Cryptography] upgrade mechanisms and policies
Bill Frantz
frantz at pwpconsult.com
Sat Apr 11 20:38:16 EDT 2015
On 4/11/15 at 1:21 PM, ben at links.org (Ben Laurie) wrote:
>Clearly the only sane policy is to believe that the latest version of X is
>the most secure. And if you know about X you ought to also know about the
>problems with X-1, X-2,.... So, sure, each end indicates which versions it
>is prepared to use, but of the intersection, _surely_ highest wins?
This comment brings up an interesting question. Assuming both
ends have a priority order of versions, how do you pick between
versions that are acceptable to both ends. Assume the preference order:
Alice: 54 27 62 11 81
Bob: 81 10 27 22 99
Both Bob and Alice are willing to use versions 27 and 81. 81 is
Bob's 1st choice and Alice's 5th while 27 is Alices 2nd choice
and Bob's 3rd. We might prefer 27, since its average preference
number is higher than 81, but I'm not sure there is a strong
principle for this method. If both parties consider their first
4 choices essentially the same with the 5th choice a desperation
measure to get some protection, then 81 might be better.
Cheers - Bill
--------------------------------------------------------------
Bill Frantz | There are now so many exceptions to the
408-356-8506 | Fourth Amendment that it operates only by
www.pwpconsult.com | accident. - William Hugh Murray
More information about the cryptography
mailing list