[Cryptography] IPsec DH parameters, other flaws

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Nov 17 19:35:00 EST 2020


Christian Huitema <huitema at huitema.net> writes:

>Consider that despite lots of investment, a quarter of a century after being
>standardized IPv6 only carries maybe 30 to 50% of the Internet traffic.
>Wholesale replacement may happen if some radical new technology comes along,
>maybe quantum networking if it turns out to be practical. But failing that,
>the best that can happen is a series of small updates.

In particular, IPv6 solves a very real problem that affects a lot of the
world, the exhaustion of IPv4 address space (and even then it's usually easier
to keep kludging around it with NAT than to switch to IPv6).  QUIC just solves
the problem of efficient content delivery for Google, which no-one but Google
cares about.

If we can't get people to adopt IPv6, why would anyone care about QUIC?  And
more generally, why would anyone care about any next-big-thing when they've
already indicated that they prefer to keep extending what's worked in the past
indefinitely because it's less painful than moving to the next-big-thing?

Drifting back to security, a lot of the world values stability over the next
big thing.  I worked on a standard a while back which has a discussion on how
to keep a system that's been compromised by an attacker running, because the
only thing worse, far far worse, than having a running system co-managed by an
attacker is having a non-running system.  So you deal with it by adding
compensating controls and move on.

Peter.


