[Cryptography] open questions in secure protocol design?
Stephen Farrell
stephen.farrell at cs.tcd.ie
Thu May 28 14:41:44 EDT 2015

On 28/05/15 10:26, Peter Gutmann wrote:
> ianG <iang at iang.org> writes:
>
>> It occurs to me that we now have enough history in open (internet) secure
>> protocol to do a survey across protocols & time and discover whether there
>> are any meaningful trends in the above open questions.
>
> One generalisation I think is that Schneier and Ferguson's "security protocols
> should not be designed by a committee" still holds (following on from the
> implied "security protocols should not be designed by people who don't know
> much about cryptography"). The every-algorithm-ever designs (TLS now has
> what, 400 cipher suites?) seem to come as a byproduct of design-by-committee
> specs, while having one or two people who know what they're doing do the work
> leads to much cleaner designs.

Design-by-committee is a soundbite that doesn't always apply.
It clearly does apply in some cases, but in others I think
the situation is just complex with a lot of interested folks
with slightly different needs. Life is just way simpler if
you only have to bother with what you want yourself;-)

TLS is more the latter than the former I think. Esp given
that the basic design was in fact the output of a few
Netscape folks if I recall correctly.

>
> (A possible rule for this would be that you're allowed two each of a PKC,
> hash/MAC, and block cipher/mode. Every time you want to introduce something
> new, you have to throw an existing one out. That'd make people think...).

If you write that up in an Internet-draft I'd be willing to
try see if we could get IETF consensus for it. I'm not sure
we would, but I'd be willing to try.

S.

>
> Peter.