[Cryptography] How to De-Bollocks Cryptography?

Phillip Hallam-Baker phill at hallambaker.com
Sun Aug 11 14:57:56 EDT 2024


On Mon, Aug 5, 2024 at 11:03 PM Ralf Senderek <crypto at senderek.ie> wrote:

> I firmly believe that Peter's conclusion [1] is correct:
>
>   "COMPLEXITY IS THE ENEMY OF SECURITY"
>
> So we must find practical ways to solve the complexity
> problem or at least to tackle it. But bear in mind what
> Einstein once said:
>
>   "Everything should be made as simple as possible *but no simpler.*"
>

There is a tendency for people to design systems that fail to meet
essential requirements in the mistaken belief this will reduce complexity.

Oftentimes you cannot eliminate the complexity; you just shift it about.
Ignoring revocation makes PKI a lot simpler but means your disaster
recovery processes will be a lot more complex.

The lack of consideration for private key management is a major
shortcoming in traditional PKIs. Of course it is simplest to assume the
private keys magically provision themselves and the public key credentials
are properly provisioned.