[Cryptography] open questions in secure protocol design?

ianG iang at iang.org
Sat May 23 12:19:30 EDT 2015

Today's thought while reading the WIP/draft from IETF on algorithmic 
agility [0].  Open questions in secure protocol design:

1.  One True Cipher Suite versus Algorithm Agility?

2.  Design:
    - One designer, small team or committee,
    - Big corp v. lone wolf,
    - open source v. proprietary,
    - patented algs v. open algs,
    - Amateurs v. professionals?

3.  Compromises:
    - Simplicity v. Features,
    - hardware v. software,
    - raw speed v. resource efficiency?

4.  Packet-oriented v. connection oriented?

5.  opportunistic v. externally authenticated v. delayed auth?

6.  Modes & switches v. mode-less, switch-less?

7.  E2e versus point2point.

8.  Alg breaches v. protocol Breaches v. bypasses?

9.  Security v. delivery?


It occurs to me that we now have enough history in open (internet) 
secure protocol to do a survey across protocols & time and discover 
whether there are any meaningful trends in the above open questions.

This might make a good masters topic for someone?


[0] https://tools.ietf.org/html/draft-iab-crypto-alg-agility-04

More information about the cryptography mailing list