[Cryptography] From Nicaragua to Snowden - why no national standards should be considered in cryptosec

james hughes hughejp at me.com
Sat Feb 27 13:03:01 EST 2016


> On Feb 26, 2016, at 6:18 PM, Stephen Farrell <stephen.farrell at cs.tcd.ie> wrote:
> 
> On 26/02/16 22:36, Ian G wrote:
>> Long article on why IETF and similar bodies should *not* pander to
>> national bodies in adopting encryption algorithms.
> 
> Ignoring the pejorative "pander," I'd love if the IETF could ignore
> the sets of national algorithms that exist, but we can't. There are
> people who are forced to implement them. Fighting for better crypto
> by trying to deny the allocation of code points for such algorithms
> isn't a good plan IMO as it'd be a losing plan and very expensive in
> terms of effort, whilst losing the battle.
> 
> I think likely the best we can do is to annotate cipher code points
> (e.g. in IANA registries) as being "desirable" or "other" and to
> discourage everyone from implementing "other." If we can come up
> with an acceptable but disparaging term for "other" that'd be great
> ("crap" has been suggested but might not be effective).

At the risk of igniting a flame war, there is no analysis of SMS4 that says it is “crap”. None, zip, nada. There are attacks on reduced round implementations of the cipher to demonstrate security, not to demonstrate weakness. https://eprint.iacr.org/2010/062.pdf. If the algorithm was crap, there would be academics eager to publish their cryptanalysis. 

I am not trying to justify the cost and complexity of replacing perfectly good AES with SMS4, or even justify China’s motivation, but any statement that SMS4 is “crap” is itself crap.

I believe that, in standard speak, the word is not “other”, it is “optional”. If you want a factual pejorative word, it could be “unfortunate” for the vendors, and it creates systems that are more complex than necessary.
 

