[Cryptography] open questions in secure protocol design?

Stephen Farrell stephen.farrell at cs.tcd.ie
Tue May 26 16:21:27 EDT 2015



On 26/05/15 15:35, ianG wrote:
> On 26/05/2015 14:44 pm, Stephen Farrell wrote:
>>
>>
>> On 26/05/15 14:35, Ben Laurie wrote:
>>> The way CT works is neither 1TCS nor agility - if you want to change
>>> ciphersuite, you start a new log. So, it seems there are other parts
>>> of the design space...
>>>
>>
>> Well yes and no. Yes, CT handles this differently from e.g. TLS and
>> that's fine. No, in that 1TCS is just a broken concept and hence is
>> not IMO part of any rational design space in the real world. 1TCS is
>> part of the rhetorical landscape but not a real design choice.
> 
> I sense a little over-reaction here.  1TCS is part of the real world,
> it's been used, and it does the job.
> 
> What we might disagree on is which parts of the world are better suited
> to which pattern.  

For me the term "one true cipher suite" carries with it an
obvious implication that its proponents consider every other
approach is wrong.

I am very much in favour of aiming to minimise the number of
ciphersuites needed in any given situation but the very concept
that there is one true and hence only one true way to do this is
bogus.

If you want to re-factor your rhetoric to describe what you're
talking about as one design pattern amongst other equally valid
ones then yes I would agree it has some places it might work, but
that it definitely needs a better name as the current 1TCS term
is extremely misleading. Changing that badly chosen term would not
be bikeshedding and could be worthwhile. (Deciding what to replace
it with would of course involve bikeshedding so I won't go there:-)

S



> Clearly, the TLS camp is very well entrenched, so we
> can probably agree to call the TLS school one of the end points in the
> spectrum.
> 
> If we look at all the places where 1TCS works, it might be that it is a
> bit of everywhere, but the thing that stands out (for me) is that it
> works far better when you don't have to worry about world-wide scale,
> competition, permission, approval, consensus and all that.
> 
> E.g., PGP1,2 were happy with it, and it was only when PGP grew up and
> entered the OpenPGP working group that it acquired the agile mojo.
> Bitcoin are happy with it, and as a curious aside, they also promote the
> 'practice' that all miners should use only the one body of code.
> 
> So we might end up saying that the same designs that need IETF would
> also prefer agility.  I see correlation there.  Maybe, there's an
> underlying causality.
> 
> But I wouldn't say that the IETF causes agility, no more than I'd say
> that agility is the cause of the IETF or that the IETF is the owner of
> all rationality and design space and protocols and everything.  That
> would be ... an overstretch.
> 
> More likely there is an underlying factor that is causal.  Something
> about the way the IETF is constructed is also something about why the
> people found at IETF need agility.
> 
> 
> 
> iang
> 
> 
> 
> ps; does anyone know what the NSA's view on this is?  Yes, I know, then
> you have to kill me, but all in the pursuit of knowledge!
> 
> 
> 

