[Cryptography] How to De-Bollocks Cryptography?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Aug 12 13:55:45 EDT 2024


Kent Borg <kentborg at borg.org> writes:

>If only there were someone with some common sense and visibility and
>cryptography credentials to lead an effort to define a "TLSsimple" standard.

We've already got it, it's called WireGuard.  One guy came up with a better
design than more than two decades of continuous work by standards committees
could produce, and despite being (figure randomly pulled from thin air) twenty
times smaller than IPsec and TLS, no-one seems to be upset about all the
essential and critical features that it doesn't have.

It also seems to be a helluva lot more secure than either IPsec or TLS has
been, probably because it's not packed with said "features".  In fact it
pretty much follows the design thinking I mentioned towards the end of the
Bollocks talk that leads to really hard-to-compromise designs, one cipher
suite, one mode, and not much more.

That's also the thinking behind things like
https://datatracker.ietf.org/doc/html/draft-gutmann-tls-lts-12: there's just
one mode (actually two, one non-ECC and one ECC) that you need to support.
The amusing thing about this was that several TLS attacks were published since
the initial -01 draft was posted, and all of them just bounced off because
there was nothing there to attack.

Peter.
