[Cryptography] upgrade mechanisms and policies

Bill Frantz frantz at pwpconsult.com
Sat Apr 11 20:38:16 EDT 2015

On 4/11/15 at 1:21 PM, ben at links.org (Ben Laurie) wrote:

>Clearly the only sane policy is to believe that the latest version of X is
>the most secure. And if you know about X you ought to also know about the
>problems with X-1, X-2,.... So, sure, each end indicates which versions it
>is prepared to use, but of the intersection, _surely_ highest wins?

This comment brings up an interesting question. Assuming both 
ends have a priority order of versions, how do you pick between 
versions that are acceptable to both ends. Assume the preference order:

  Alice: 54 27 62 11 81
  Bob:   81 10 27 22 99

Both Bob and Alice are willing to use versions 27 and 81. 81 is 
Bob's 1st choice and Alice's 5th while 27 is Alices 2nd choice 
and Bob's 3rd. We might prefer 27, since its average preference 
number is higher than 81, but I'm not sure there is a strong 
principle for this method. If both parties consider their first 
4 choices essentially the same with the 5th choice a desperation 
measure to get some protection, then 81 might be better.

Cheers - Bill

Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

More information about the cryptography mailing list