[Cryptography] IPsec DH parameters, other flaws
iang
iang at iang.org
Fri Nov 13 19:17:54 EST 2020
coming late to this party... but I'll bet the permathread will be
running for a decade.
On 20/07/2020 09:06, Alfie John wrote:
> On 19 Jul 2020, at 14:55, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
>> There are a few individuals who seemed to be always there to pour poison in people's ears and to encourage them to 'stand their ground' when insisting on some asinine security requirement that makes the whole thing undeployable.
> All these war stories are great to finally be open and to a larger audience. Thanks everyone for adding their nuggets!
>
> So it's 2020 and we now know that there's a concerted effort to actively sabotage standards and implementations by many actors (including large budgets to sway people at all levels). Considering a clean slate for the whole stack - from TCP, IP, BGP, DNS, HTTP, etc and all the way to certificate infrastructure, application layer authentication, key management etc:
>
> - how would you design the state of the art with security as one of its primary goals (i.e features and anti-features)
The key is to start asking who, not how. It's clear that the IETF/etc
was setup to allow vendors to duke it out. Which opened the way for NSA
& friends to futz up the security groups with targetted interventions.
In short to bring the process to a standstill where their security was
involved.
So the answer is to not do that - not do committees, working groups, and
not rely on the good faith of participants. When there is an attacker
who is prepared to outspend you and out-faith you, you have to change
the process. In this context, the who cannot be a committee.
The who has to be individuals / tight teams.
> - how would you manage the coordination differently (given the current way is prone to sabotage)
Now the how.
The NIST AES process showed one way: a knock down competition. Set the
requirements, invite open submissions. Only one proposal wins. Set a
schedule. Stick to it. Thunderdome. 30 proposals enter, 1 leaves.
Another way (also shown by NIST) is to contract someone credible to do
the job. This was done with SHA2. To date, criticisms have been
glancing, including as proven with SHA3 competition.
Ofc, one could criticise and say this can only be done with very simple
designs that have nothing to do with hiding information. But actually,
there are many people & teams who we could probably widespread trust to
do a good job, given strong requirements.
The problem here might be how to stop nefarious agencies (NSA) from
spiking the project while in gestation. Here, strong requirements,
transparent schedule and many well known observers can help.
iang
ps; See you in another decade.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20201114/196da427/attachment.htm>
More information about the cryptography
mailing list