Hadmut Danisch wrote: > The reason I was asking is: I had a dispute with someone who > claimed that cryptography is by far the most important discipline > of information and communication security, and that its transition > from an art to a science was triggered by Shannon's paper in 1949 > and the Diffie/Hellman paper in 1976 (discovery of public key > systems).
It depends on what the context is. If we are talking about "military security" then commsec is of some use, as things like tactical security don't really "need" the benefit of hard crypto, it's just a nice-to-have. E.g., the presence of a radio signal is generally most of the short term importance of tactical comms. The rest of it tends to be chit-chat which is hard to analyse in real time anyway... In this sense, commsec means radio silence more than anything else. If we are talking about "government security" then it is of high use, because pretty much everything about government is about talking and documents, and the time aspect of tactical comms is not present. Within the academic notion of infosec & commsec, it would be fair to say that it's the most important, but that's by absence, really. There's isn't much else to study if one is confined to academic research into the security of data! > Reality is different: While Firewalls, Content Filters (Virus/Spam/ > Porn filters), IDS, High availability systems, etc. become more and > more important, encryption and signatures, especially based on PKIs, > don't seem to get more relevant (except for HTTPS/TLS). If we are talking about Internet security, then by far the biggest problems are viruses, hacked hosts, identity theft and DOS. Snooping is next to non-existant but has a reputation for being rampant. Active attacks on comms - MITM, etc - are basically a theoretical issue only, but are seen by many theoreticians as "must-protects". This discord is seen by the fact that a real snooping event or, heaven forbid, an active MITM, is a newsworthy event, whereas the real threats - hacked credit card databases - are somewhere between boring and embarressing. (I'm waiting with interest to see if there is much report of WEP kits being used out in the world for aggressive entries.) So, part of the problem is that cryptography people have been concentrating on the wrong things (wrong threat model) for so long that they have earnt a reputation of being "mostly harmless." > There was an interesting speech held on the Usenix conference > by Eric Rescorla (http://www.rtfm.com/TooSecure-usenix.pdf, > unfortunately I did not have the time to visit the conference) > about cryptographic (real world) protocols and why they failed > to improve security. That's a scary talk! I see a lot of familiar stuff, but it seems that whilst Eric courts the dark side of real security, he holds back from really letting go and getting stuck into SSL. For example, he states that 28% of wireless networks use WEP, and 1% of web servers use SSL, but doesn't explain why SSL is a "success" and WEP is a "failure" :-) On the plus side, he balances the conventional (SSL is the model) with the new view (SSH is the model) quite well. It's good news that the SSH model is starting to receive some respect. The analysis of threat model failure is good. One thing he doesn't stress is design by committee v. design by small focused team. Much of SSL and SSH's strengths are that they were designed and deployed quickly and cheaply (and insecurely!) so as to tap into real needs real quickly. I would suggest that any security protocol designed by a committee has a low survivability rating. ( Hmm, I wonder who designed WEP? :-) > From the logfiles I've visited I'd estimate > that more than 97% of SMTP relays do not use TLS at all, not > even the oportunistic mode without PKI. Right. But, doing TLS over SMTP relays seems a complete waste of time. Basically doing node-to- node encryption for an end-to-end protocol isn't attractive, neither at the protocol level nor at the administrator level. [Ref: Eric's book.] > I actually know many companies who can live pretty well and secure > without cryptography, but not without a firewall and content filters. > But many people still insist on the claim that cryptography is by far > the most important and only scientific form of network security. Yep. It's just not fun to admit that being hidden in the crowd is a valid form of security. Or, controlling the guest list is solves most of the trouble at parties. > <provocation> > Is cryptography where security took the wrong branch? > </provocation> A large part of the problem, IMHO, is that cryptography in the popular domain is treated as a discipline of science and not of engineering. This is mostly prevalent on the Internet, where there is a sense of self-taught, non- commercial application of cryptography. My time in (or close to) a telco taught me the difference, as there, they have an engineering focus on cryptography, and really understand what it means to calculate the cost of the solution. For them, leaving a weakness was just another risk calculation, whereas so much stuff that happens on the net starts from "we must protect against everything" and then proceeds to design the set of "everything" for ones convenience. iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
