[Cryptography] On the Impending Crypto Monoculture

Aaron Zauner azet at azet.org
Thu Mar 24 18:19:52 EDT 2016


Hi Peter,

* Peter Gutmann <pgut001 at cs.auckland.ac.nz> [24/03/2016 19:24:20] wrote:
> (The background behind this problem can be found in Phil Rogaway's excellent
> essay "The Moral Character of Cryptographic Work", which discusses aligning
> crypto work with principles like the Buddhist concept of right livelihood,
> applying it in an ethical manner.  Unfortunately, in the same way that the
> current misguided attempts by politicians to limit mostly non-existent use of
> crypto by terrorists and other equestrians only affects legitimate users (the
> few terrorists who may actually bother with encryption won't care), so the
> restriction of OCB, however well-intentioned, has the effect that a beautiful
> AEAD mode that should be used everywhere is instead used almost nowhere).

I've spent a considerable amount of time about a year ago figuring out
the patent situation with 1. Rogaway 2. Jutla (IAPM, on which OCB is
based) and thus IBM. After some deliberation and a few months of
work we got IPR exemptions from all authors and current (relevant)
patent holders for use of OCB in TLS (yes, this is TLS-restricted,
but hey - better than nothing. No restrictions which are hard to
understand or implement effectively).

https://datatracker.ietf.org/doc/draft-zauner-tls-aes-ocb/ (the
draft will be updated within the next two or three days, I'm still
working on a few details - follow the commits if you're interested)

IPR exemptions:
https://datatracker.ietf.org/ipr/2640/
https://datatracker.ietf.org/ipr/2647/

also: https://eprint.iacr.org/2015/189.pdf


> The implementations of the algorithms aren't much better.  Alongside brittle,
> failure-prone crypto modes and mechanisms, we also have brittle, failure-prone
> implementations.  The most notorious of these is OpenSSL, which powers a
> [...]

You might get lucky and we'll provide you with a reference to your
aforementioned statement by the end of the month (incorporate hacker
delay).

Aaron
