mitch at niftyegg.com
Thu Sep 6 13:35:36 EDT 2018
On Sun, Sep 2, 2018 at 5:09 PM John-Mark Gurney <jmg at funkthat.com> wrote:
> Peter Gutmann wrote this message on Sat, Sep 01, 2018 at 13:58 +0000:
> > Viktor Dukhovni <cryptography at dukhovni.org> writes:
> > >The right way to do single-suite protocols is to tie all the choices to a
> > >single protocol version. For shiny new parameters, bump the protocol
> > >version. Client proposes its list of protocol versions, and server
> > >the highest supported.
> > Even then, you have to be very, very careful with that. The TLS folks have
> > been struggling for years with anti-rollback mechanisms; it's really hard to
> > do them in a manner that isn't exploitable in some combination of
> > circumstances.
> That's because they've been trying to keep backwards compatibility.
> If you have a protocol designed from the start, it's not at all hard.
> You simply integrate all protocol messages into your key generation,
> have to "self downgrade" to allow broken servers to negotiate a
> functional channel...
There is a possible solution set.

*) Server side enforcement and branding. Many sites sport a security scan by "vendor", and that "certification" can be current.

*) A plugin like https-everywhere that lights up the search bar red when presented with an old or deprecated method.

*) Site information like a stop light: red, amber, green. Amber can gate the need to update and start a clock even time = zero in the case of zero

For money, the server side can be the enforcer and disallow insecure

It is not uncommon for banks to demand specific versions of a browser and

The key will be to have strong APIs so the methods behind door #2 and #3 when door #1 has its lock broken or key compromised.

The number of doors likely needs to be two. The second could be slow & use big key bit counts just as long as it is likely to work well enough to bootstrap a client side update. Consider that chrome, firefox, duckduck, and MS tools depend on a browser interface to fetch their update.

Two problems: one, encryption of data in transit, privacy, security, money; two, fetching and deploying updates to support #1. The second is to infrastructure design even national (international) security.
T o m M i t c h e l l
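As an added illustration of the point raised in the quoted reply (binding every negotiation message into the key derivation so a rollback cannot go unnoticed), here is a toy version exchange; this is example code written for this page, not code from anyone in the thread, and the integer versions, the fixed "shared secret" standing in for a real key exchange, and HMAC standing in for a real KDF are all constructed assumptions.

```python
import hashlib
import hmac

# Constructed example: integer protocol versions, higher is newer and preferred.
# The shared secret stands in for the output of the real key exchange.

def client_hello(offered):
    """Client proposes every version it supports."""
    return {"offered": sorted(offered)}

def server_hello(supported, hello):
    """Server picks the highest version common to both sides."""
    common = set(supported) & set(hello["offered"])
    if not common:
        raise ValueError("no common protocol version")
    return {"chosen": max(common)}

def transcript(hello, shello):
    """Canonical encoding of every negotiation message exchanged."""
    offered = ",".join(str(v) for v in hello["offered"])
    return f"client:{offered}|server:{shello['chosen']}".encode()

def derive_key(shared_secret, hello, shello):
    """Bind the whole negotiation transcript into the traffic key (HMAC as a
    stand-in for a real KDF). Any change to any message changes the key."""
    return hmac.new(shared_secret, transcript(hello, shello), hashlib.sha256).digest()

def strip_highest(hello):
    """Constructed on-path modification: the newest offered version is dropped."""
    return {"offered": hello["offered"][:-1]}

def negotiate(client_versions, server_versions, shared_secret, tamper=None):
    """Run the exchange; return (chosen version, whether both sides' keys agree).

    The client derives its key from the hello it actually sent; the server
    derives from the hello it received. With transcript binding, a modified
    hello yields mismatched keys, so a downgraded session fails instead of
    silently running at the older version."""
    sent = client_hello(client_versions)
    received = tamper(sent) if tamper else sent
    shello = server_hello(server_versions, received)
    client_key = derive_key(shared_secret, sent, shello)
    server_key = derive_key(shared_secret, received, shello)
    return shello["chosen"], hmac.compare_digest(client_key, server_key)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    print(negotiate([1, 2, 3], [1, 2, 3], secret))                        # (3, True)
    print(negotiate([1, 2, 3], [1, 2], secret))                           # (2, True): genuinely old server
    print(negotiate([1, 2, 3], [1, 2, 3], secret, tamper=strip_highest))  # (2, False): rollback detected
```

The second call shows that a server which honestly supports only an older version still negotiates fine; only a transcript that differs between the two ends is rejected.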