[Cryptography] OPENSSL FREAK

ianG iang at iang.org
Mon Mar 30 13:59:44 EDT 2015


On 28/03/2015 23:44 pm, Tony Arcieri wrote:
> On Sat, Mar 28, 2015 at 3:55 PM, ianG <iang at iang.org
> <mailto:iang at iang.org>> wrote:
>
>     Fans of algorithm agility need to lay out their life-cycle vision,
>     and refer to empirical evidence that it was possible, it happened,
>     it was the right thing to do, and it worked.
>
>
> I work on termination of SSL/TLS in a professional capacity for a
> service with millions of users. We are constantly tuning our supported
> ciphersuites in response to the latest developments in attacks and
> cryptanalysis. I think cipher agility has been invaluable for us. Tools
> like SSL Labs give us a clear picture on what impact changes to our
> supported ciphersuites will have to our users on a device-by-device basis.


So, on the one hand you claim incredible authority on this question, on 
the other hand, you decline to put that authority to good use in 
answering the challenge.

Clearly, if you are tuning the ciphersuites for millions of users, you 
are also installing the later releases of SSL as they come out of the 
SSL bug machine we've seen develop since 2011.  Right?

So you've cracked the upgrade nut.  You also know which algorithms 
introduced in the last 10 years caused any problems.  Correct?  And you 
know the ratio of bugs in protocol to emergency algorithm switches. 
Estimates?  You also know why it is your customers have any problem with 
export cipher downgrades.  Etc.


> To me "throw the baby out with the bathwater every 5 years" is a total
> nonstarter. We have huge business incentives to support old customers,
> and one of our biggest tools for doing that is working around protocol
> design flaws using cipher agility.


The penny drops.  Your business has huge incentives to support old 
customers.  The 'old customer' problem can be seen as the inability to 
upgrade broken/old SSL versions.  So if we were to do algorithm agility 
properly in SSL -- if we put the conceptual switch in to SSL to turn off 
the old algorithms as is demanded by the engineering -- we'd also solve 
the 'old customer' problem.

Unleashing all that energy to other more productive uses.

Do we have a dichotomy?  How much of the support for algorithm agility 
is due to the major companies handling the 'old customer' problem 
actually benefiting from complexity?

I mean, here, those huge business incentives can't be slouched at.  But 
they only effect you and your partner big companies.  For everyone else, 
we want a *cheaper* result.



iang



More information about the cryptography mailing list