Matt Blaze:
    It is probably no longer acceptable, as it was just a few years ago,
    to throw together an ad-hoc authentication or key agreement protocol
    based on informal "obvious" security properties, without a strong
    proof of security and a clear statement of the model under which the
    security holds.

    For some recent relevant papers, see the ACM-CCS '02 paper my colleagues
    and I wrote on our JFK protocol (,
    and Ran Canetti and Hugo Krawczyk's several recent papers on the design
    and analysis of various IPSEC key exchange protocols (especially their
    CRYPTO'02 paper).

Eric Rescorla:
    And I'm trying to understand why. This answer sounds a lot like NIH.

    Look, there's nothing wrong with trying to invent new protocols,
    especially as a learning experience. What I'm trying to figure
    out is why you would put them in a piece of software rather 
    than using one that has undergone substantial analysis unless
    your new protocol has some actual advantages. Does it?

I imagine the Plumbers & Electricians Union must have used similar
arguments to enclose the business to themselves, and keep out unlicensed
newcomers.  "No longer acceptable" indeed.  Too much competition, boys?

Who on this list just wrote a report on the dangers of Monoculture?

Rich Schroeppel   [EMAIL PROTECTED]
(Who still likes new things.)

The Cryptography Mailing List