[Cryptography] open questions in secure protocol design?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu May 28 05:26:15 EDT 2015


ianG <iang at iang.org> writes:

>It occurs to me that we now have enough history in open (internet) secure
>protocol to do a survey across protocols & time and discover whether there
>are any meaningful trends in the above open questions.

One generalisation I think is that Schneier and Ferguson's "security protocols
should not be designed by a committee" still holds (following on from the
implied "security protocols should not be designed by people who don't know
much about cryptography").  The every-algorithm-ever designs (TLS now has
what, 400 cipher suites?) seem to come as a byproduct of design-by-committee
specs, while having one or two people who know what they're doing do the work
leads to much cleaner designs.

(A possible rule for this would be that you're allowed two each of a PKC,
hash/MAC, and block cipher/mode.  Every time you want to introduce something
new, you have to throw an existing one out.  That'd make people think...).

Peter.
