[Cryptography] How to De-Bollocks Cryptography?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 12 08:25:12 EDT 2024


Phillip Hallam-Baker <phill at hallambaker.com> writes:

>There is a tendency for people to design systems that fail to meet essential
>requirements in the mistaken belief this will reduce complexity.

There's also a tendency for protocol designers / standards committees to
design mechanisms to try and address every imaginary issue everyone on the
standards committee could ever dream up, including a great many that don't
actually exist.  IPsec and anything PKIX did are extreme examples of this,
leading to designs that were severely compromised because, apart from their
unmanageable complexity, they ended up with the flexibility of rubber swords
and styrofoam screwdrivers, losing a lot of utility in exchange for
theoretical properties that didn't matter.

What other protocols like TLS and to a lesser extent SSH have shown in
contrast is that if you slowly bloat things up over time people don't get
nearly as upset as if you front-load the bloat in one big pile - TLS, just
that one protocol, is now bigger than everything PKIX ever did, combined, and
PKIX was notorious for its bloated, unimplementable designs.

Getting back to the churn comments in the Bollocks talk, security protocols
are like builders' houses.  It's pretty much a cliche that a builder's house
is never finished, but it's fact-based: Ask any builder you know if their
house is actually completely finished and the answer is always some variant of
"no" [0].  And it's the same with crypto protocols.  They're never finished,
not because they can't be finished but because the designers and standards
committees, unless someone takes them outside and shoots them in order to
freeze the design, will just keep tinkering with them forever.

However, unlike a builder's house where the fact that the laundry is just bare
framing or you're eating your dinner off planks thrown across a sawhorse
doesn't mean the house won't fall down as a consequence, with security
protocols the perpetually-unfinished nature and neverending churn can and will
make the protocol fall apart because existing problems never get fixed but
merely replaced with new, different ones.

Peter.

[0] I'm not sure if the term busman's holiday is known in the US, but that's
    the reason why a builder's house is never finished.
