[Cryptography] open questions in secure protocol design?

ianG iang at iang.org
Fri May 29 10:23:21 EDT 2015


On 28/05/2015 00:58 am, Ray Dillinger wrote:
>
>
> On 05/26/2015 02:53 AM, Michael Kjörling wrote:
>
>> Algorithm agility doesn't really help much if you don't have a plan
>> for effectively implementing it in practice. Which pretty much means
>> you need to have a plan to both support the devices involved as well
>> as for how to push upgrades to users.
>
> Show me a means of pushing upgrades to users, and I will show you a
> crook with a means of pushing downgrades deliberately mislabeled as
> upgrades to users, in order to rip them off.



Yup.  On the one hand, 1TCS forces you to have a way of upgrading.

On the other, the varied alternate methods do not force you to have a 
way of upgrading the protocol.  Because of agility, you can simply 
assume that the protocol itself can switch internally.

So that looks like an advantage.  But, it's a chimera.  It just shifts 
the pieces around the board.  You still need a way of pushing a config 
or negotiation upgrade out to the users.

In this sense, there is zero difference - you need a way to push an 
upgrade out to users regardless of which approach you take, and if you 
don't have it, then you are screwed.

The only difference then is that Algorithm Agility allows you to assume 
it away, whereas 1TCS forces you to consider it, by removing the crutch.



iang

