[Cryptography] open questions in secure protocol design?

alex at alten.org alex at alten.org
Mon Jun 1 03:47:07 EDT 2015 

Quoting ianG <iang at iang.org>:

> On 26/05/2015 14:44 pm, Stephen Farrell wrote:
>>
>>
>> On 26/05/15 14:35, Ben Laurie wrote:
>>> The way CT works is neither 1TCS nor agility - if you want to change
>>> ciphersuite, you start a new log. So, it seems there are other parts of the
>>> design space...
>>>
>>
>> Well yes and no. Yes, CT handles this differently from e.g. TLS and
>> that's fine. No, in that 1TCS is just a broken concept and hence is
>> not IMO part of any rational design space in the real world. 1TCS is
>> part of the rhetorical landscape but not a real design choice.
>
>
>
> I sense a little over-reaction here.  1TCS is part of the real  
> world, it's been used, and it does the job.
>
>
>

....snipped..

> So we might end up saying that the same designs that need IETF would  
> also prefer agility.  I see correlation there.  Maybe, there's an  
> underlying causality.
>
> But I wouldn't say that the IETF causes agility, no more than I'd  
> say that agility is the cause of the IETF or that the IETF is the  
> owner of all rationality and design space and protocols and  
> everything.  That would be ... an overstretch.
>
> More likely there is an underlying factor that is causal.  Something  
> about the way the IETF is constructed is also something about why  
> the people found at IETF need agility.
>

My experience with the IETF is that the sender (in a network protocol) should
encode in a single manner and that the receiver should be accepting of a wide
variety of encoding styles (that mean the same thing). My take is that
this is because the Internet is composed of heterogeneous software & hardware
and that protocol implementers would read the same specification and implement
it in slightly different ways.

On one project that I designed I applied this to our crypto  
communications that
passed around data keys for enciphered data.  I recommended to each  
our application
implementation teams to encrypt using one key type (say AES CTR for  
team A and 3DES
CBC for team B), but to be accepting of a wide variety of key  
types/modes while
decrypting (say AES, 3DES and Blowfish).  As long as the key lengths (and the
algorithms/modes) met the minimum policy requirement being applied to  
the enciphered
data this worked fine.

- Alex




-- 
Alex Alten
alex at alten.org

More information about the cryptography mailing list