[Cryptography] open questions in secure protocol design?

Stephen Farrell stephen.farrell at cs.tcd.ie
Thu May 28 14:41:44 EDT 2015



On 28/05/15 10:26, Peter Gutmann wrote:
> ianG <iang at iang.org> writes:
> 
>> It occurs to me that we now have enough history in open (internet) secure
>> protocol to do a survey across protocols & time and discover whether there
>> are any meaningful trends in the above open questions.
> 
> One generalisation I think is that Schneier and Ferguson's "security protocols
> should not be designed by a committee" still holds (following on from the
> implied "security protocols should not be designed by people who don't know
> much about cryptography").  The every-algorithm-ever designs (TLS now has
> what, 400 cipher suites?) seem to come as a byproduct of design-by-committee
> specs, while having one or two people who know what they're doing do the work
> leads to much cleaner designs.

Design-by-committee is a soundbite that doesn't always apply.
It clearly does apply in some cases, but in others I think
the situation is just complex with a lot of interested folks
with slightly different needs. Life is just way simpler if
you only have to bother with what you want yourself;-)

TLS is more the latter than the former I think. Esp given
that the basic design was in fact the output of a few
Netscape folks if I recall correctly.

> 
> (A possible rule for this would be that you're allowed two each of a PKC,
> hash/MAC, and block cipher/mode.  Every time you want to introduce something
> new, you have to throw an existing one out.  That'd make people think...).

If you write that up in an Internet-draft I'd be willing to
try to see if we could get IETF consensus for it. I'm not sure
we would, but I'd be willing to try.

S.


> 
> Peter.

