[Cryptography] asymmetric attacks on crypto-protocols - the rough consensus attack

Stephen Farrell stephen.farrell at cs.tcd.ie
Sun Aug 2 15:09:20 EDT 2015 


On 02/08/15 19:16, ianG wrote:
> On 2/08/2015 12:33 pm, Stephen Farrell wrote:
>>
>> On 02/08/15 05:27, ianG wrote:
>>> It turns out that there is a really nice attack.
>>
>> Also trying to keep away from specifics of any one protocol.
>>
>> In general you assume that the attacker (who I agree exists) is active
>> as part of the process. There's no way to know the probability of
>> that. I do know that people have the ability and propensity to disagree
>> with one another for all sorts of reasons that are nothing to do with
>> the posited attacker. Perhaps especially the kind of people who
>> currently dominate discussions about new Internet protocols. And even
>> more especially in fully open environments where anyone can try to
>> participate. And since the new work represents change, and for some
>> folks, significant change, it's entirely likely that genuine
>> differences of opinion will exist even without any action from the
>> attacker.
>>
>> There is also the fact that any rough consensus process has to be
>> run by fallible humans. Not everyone is good at herding cats so that
>> the cats agree they have arrived at rough consensus. So in addition
>> to genuine technical disagreement one also has to take into account
>> the chances of accidental mis-management. IMO, that probability is
>> also quite high - not every engineer ends up being good at cat
>> herding sadly;-)
> 
> 
> So, to just add something to the above point about committees 

Sigh. You are wrong to think of IETF working groups as "committees."
There are similarities but there are huge differences. I realise that
using that term serves your rhetoric as it conjures up images of
closed rooms full of staid 19th century gentlemen  but that is just
not a relevant way to think about an IETF working group.

Many of the O(100) IETF working group lists have hundreds of
subscribers, and dozens of active mailing list participants. And all
people (with an email address) are welcome to participate at any
time - the main requirement being to that one's contributions need
to be technically sound or they will be ignored. Those working groups
have no real membership and we no real voting (there being no
enumerable electorate) so many of the concepts associated with
committees (including by you below when you say "elected") are not
applicable.

Yes, the reality is not perfect but the real imperfect dynamics are
just not those described by the (here pejorative) term committee.

And before one argues to discard a significant part of such a process,
especially on the basis of an invisible hand on the scales, I do think
one has a duty to at least accurately describe what one is arguing to
discard. And you have not done that.

That is another part of why I think your argument here is ill-informed.

> being
> difficult without any help, it is of course possible for a committee to
> act the same way even in the absence of an attacker.  This is what makes
> the attack so neat - as long as the attacker just acts as disorganised
> and catty as a normal engineer, there is no observable difference.  The
> attack is invisible, and the hand that guides is also invisible, but not
> the invisible hand of economic progress.

So let me see, you argue that there's an attack that can always be
invisible, and that therefore we should surrender to that attacker.
I don't find that at all convincing.

(Separately, I never said economic "progress" - I said interests which
is just not the same:-)

Cheers,
S.

> 
> Learning that these two things exist - that we alone can stall the
> process by being bad at committee, and that others can use this badness
> against us - is a really tough lesson.  However, I have discovered a
> rather elegant way that at least gets leads the horse (ass?) to water.
> 
> 
> 
> Way back in WWII, the USA's OSS was engaged in the process of sabotaging
> the German production machine.  To assist its agents it created a manual
> [0] which was distributed out to the field.  This manual has since been
> declassified as it was presumably only of historical interest.
> 
> As it was a comprehensive look at how to interfere with the enemy, it
> also exhorted the common factory worker to do his or her part.  And it
> created a set of tactics to slow everything down.  This is chapter 11 of
> the manual, which has such gems as "engage in long correspondence" :)
> 
> It turns out that Chapters 11 and 12 [1] are a rather poignant
> reflection of what can go wrong in committee.  So when I found myself as
> part of such a committee back in late 2000s, I copied the manual in and
> I euphemistically named it "the manual for our committee" [2].
> 
> Then, every time there was a new committee elected, I would pop up and
> say "and don't forget to read the manual on how you do board meetings"
> or some such.  New members would then diligently read it, and quietly
> chuckle and figure out I was having a joke or something.
> 
> But the seed is planted.  Not only can we stuff up with histrionics
> ("Cry and sob hysterically at every occasion") and bad behaviour, this
> can be used against us by an enemy.
> 
> 
> 
> iang
> 
> 
> 
> [0]
> http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/OSS_Simple_Sabotage_Manual.pdf
> 
> [1]
> http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html
> [2]
> The board of CAcert, a community certification authority that changes
> its board around every year.
> 
>

More information about the cryptography mailing list