[Cryptography] How to De-Bollocks Cryptography?

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Aug 14 07:10:30 EDT 2024


Phillip Hallam-Baker <phill at hallambaker.com> writes:

>I did the design and made sure that it was capable of meeting every one of
>the use cases regardless of whether it was included or not.

PKIX explicitly rejected, quite strongly, having any use cases for anything,
something I lampooned in
https://www.cs.auckland.ac.nz/~pgut001/misc/minutes.txt.

I know that picking on PKIX all the time has shades of TDS, but they're such a
convenient poster child for how not to do things.

>My cure for complexity is to force people to learn formal methods and write
>some proofs.

I think that's too complicated, most people wouldn't want to learn formal
methods and so they'd just ignore this bit.  A more pragmatic approach would
be to require people to hand-encode some of the baroque monstrosities they've
designed in order to give them an idea of how unworkable they are.  Avoiding
using the P-word yet again, there are some extensions in TLS that were either
designed by PKIX refugees or at least by someone thinking in ASN.1, not
whatever TLS' encoding format is called.  Trusted CA certificates, Certificate
transparency timestamp, and Server identity pinning are examples of this.

Peter.
