[Cryptography] WireGuard
Tom Mitchell
mitch at niftyegg.com
Thu Sep 6 13:35:36 EDT 2018
On Sun, Sep 2, 2018 at 5:09 PM John-Mark Gurney <jmg at funkthat.com> wrote:
> Peter Gutmann wrote this message on Sat, Sep 01, 2018 at 13:58 +0000:
> > Viktor Dukhovni <cryptography at dukhovni.org> writes:
> >
> > >The right way to do single-suite protocols, is to tie all the choices
> to a
> > >single protocol version. For shiny new parameters, bump the protocol
> > >version. Client proposes its list of protocol versions, and server
> chooses
> > >the highest supported.
> >
> > Even then, you have to be very, very careful with that. The TLS folks
> have
> > been struggling for years with anti-rollback mechanisms, it's really
> hard to
> > do them in a manner that isn't exploitable in some combination of
> > circumstances.
>
> That's because they've been trying to keep backwards compatibility.
> If you have a protocol designed from the start, it's not at all hard.
> You simply integrate all protocol messages into your key generation,
.....
> have to "self downgrade" to allow broken servers to negotiate a
> functional channel...
>
There is a possible solution set.
*) server side enforcement and branding. Many sites sport a security scan
by "vendor" and
that "certification" can be current.
*) plugin like https-everywhere that lights up the search bar red when
presented with an old or deprecated method.
*) site information like a stop light red, amber, green. Amber can gate
the need to update and start a clock even time = zero in the case of zero
day attacks.
For money, the server side can be the enforcer and disallow insecure
methods.
It is not uncommon for banks to demand specific versions of a browser and
even java.
The key will be to have strong APIs so the methods behind door #2 and #3
will work
when door #1 has its lock broken or key compromised.
The number of doors likely needs to be two. The second could be slow &
use big key bit counts just as long as it is
likely to work well enough to bootstrap a client side update. Consider
that chrome, firefox, duckduck, and MS tools
depend on a browser interface to fetch their update.
Two problems: one encryption of data in transit, privacy, security, money;
two is fetching and deploying updates to support #1. The second is
critical
to infrastructure design even national (international) security.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180906/a7235db6/attachment.html>
More information about the cryptography
mailing list