Matt Blaze wrote:
> > I imagine the Plumbers & Electricians Union must have used similar
> > arguments to enclose the business to themselves, and keep out unlicensed
> > newcomers.  "No longer acceptable" indeed.  Too much competition boys?
> >
> Rich,
> Oh come on.  Are you willfully misinterpreting what I wrote, or
> did you honestly believe that that was my intent?

Sadly, there is a shared culture amongst cryptography   
professionals that presses a certain logical, scientific 

What is written in these posts (not just the present one)
does derive from that viewpoint and although one can   
quibble about the details, it does look very much from
the outside that there is an informal "Cryptographers  
Guild" in place [1].

I don't think the jury has reached an opinion on why
the cryptography group looks like a guild as yet,
and it may never do so.  A guild, of course, is either
a group of well-meaning skilled people serving the
community, or a cartel for raising prices, depending
on who is doing the answering.

But, even if a surprise to some, I think it is a fact
that the crypto community looks like and acts as if a

> I'd encourage the designer of the protocol who asked the original question
> to learn the field.  Unfortunately, he's going about it a sub-optimally.
> Instead of hoping to design a just protocol and getting others to throw
> darts at it (or bless it), he might have better luck (and learn far
> more) by looking at the recent literature of protocol design and analysis
> and trying to emulate the analysis and design process of other protocols
> when designing his own.  Then when he throws it over the wall to the rest
> of the world, the question would be not "is my protocol any good" but
> rather "are my arguments convincing and sufficient?"

This is where maybe the guild and the outside world part

The guild would like the application builder to learn the
field.  They would like him to read up on all the literature,
the analysies.  To emulate the successes and avoid the
pitfalls of those protocols that went before them.  The  
guild would like the builder to present his protocol and  
hope it be taken seriously.  The guild would like the
builder of applications to reach "acceptable" standards.

And, the guild would like the builder to take the guild
seriously, in recognition of the large amounts of time
guildmembers invest in their knowledge.

None of that is likely to happen.  The barrier to entry
into serious cryptographic protocol design is too high
for the average builder of new applications [2].  He has,
after all, an application to build.

What *is* going to happen is this:  builders will continue
to ignore the guild.  They will build their application,
and throw any old shonk crypto in there.  Then, they will
deploy their application, in the marketplace, and they will
prove it, in the marketplace.

The builder will find users, again, in the marketplace.   

At some point along this evolution, certain truths will   
become evident:  the app is successful (or not).  The code
is good enough (or not).  People get benefit (or not).
Companies with value start depending on the app (or not).
Security is adequate (or is not).  Someone comes along and
finds some easy breaches (or not).  That embarrasses (or

And, maybe someone nasty comes along and starts doing
damage (or not).

What may not be clear is that the investment of the security
protocol does not earn its effort until well down the track.
And, as an unfortunate but inescapable corollary, if the app
never gets to travel the full distance of its evolutionary
path, then any effort spent up front on high-end security
is wasted.

Crypto is high up-front cost, and long term payoff.  In
such a scenario, standard finance theory would say that
if the project is risky, do not add expensive, heavy duty
crypto in up front.

This tradeoff is so strong that when we look about the
security field, we find very few applications that
succeeded when also built with security in mind from
the initial stages.

And, almost all successful apps had little or bad security
in them up front.  If they needed it later, they required
expensive add-ons.  Later on.

There are no successful systems that started with perfect
crypto, to my knowledge.  There are only perfect protocols
and successful systems.  A successful system can evolve
to enjoy a great crypto protocol, but it would seem that
a great protocol can only spoil the success of a system
in the first instance.

The best we can hope for, therefore, in the initial phase,
is a compromise: maybe the builder can be encouraged to
think about security as an add-on in the future?

Maybe some cheap and nasty crypto can be stuck in there
as a placemarker?  The equivalent of TEA or 40 bit RC4,
but in a protocol sense.

Or, maybe he can encourage a journeyman of the guild to
add the stuff in, on the side, as a fun project.

Maybe, just maybe, someone can create Bob's Simple Crypto
Library.  As a stopgap measure, as a simple little thing
that is so easy to use that even your average apps builder
wouldn't get turned away.  And just happens to be ammeniable
to replacement later on with Alice's Full & Complex Crypto

It's pretty much a given that projects will get out there
with inadequate security.  The market process for apps 
dictates that.

Although I haven't tested it, I believe it to be an
economically sound result.  The fact that this has little
to do with crypto is ... irrelevant.  That fact that the
cryptographers guild may find this uncomfortable is ... 

What remains uncertain is, when the time comes to upgrade
the security and add some real strength to an application
that cries out for help, will there be anyone there to    
help add the strength?

"Why aren't you using SSL" is basically a warning sign
to all developers that the man asking the question is a
fully paid-up member of the guild.

"Why did you do that?" is also not the right question.  

"What is your threat model?" is a far better start.

"What do you have in place right now?" is more or less
the question that Peter Guttman was asking, and that is
also a good start.

Even better would be a preamble that describes how we
need to get the threat model down on paper so that an
appropriate level of security can be put in place.

> I suppose some people will always take an anti-intellectual attitude
> toward this and congratulate themselves about how those eggheads who
> write those papers with the funny math in them don't know everything to
> excuse their own ignorance of the subject.  People like that with
> an interest in physics and engineering tend to invent a lot of
> perpetual motion machines, and spend a lot of effort fending off
> the vast establishment conspiracy that seeks to suppress their
> brilliant work.  (We've long seen such people in cipher design, but
> they seem to have ignored protocols for the most part, I guess
> because protocols are less visible and sexy).

Well, the opposition to "the guild" is one of pro-market
people who get out there and build applications.  Some
people used to call them entrepreneurs, but these days   
in the net, we think of them as just hackers, because
anyone with a code editor can be an entrepreneur.

They may sometimes say the wrong things about their own
crypto and their own security constructs - such as TINC's
"foolishly childish" attitude may have come across - but
that's just their eternel optimism and innate marketing
sense overriding any sense of absolute but irrelevant truth.

That's just them being entrepreneurs.  Don't however take
home the wrong message.  When they defend the crypto, that's
because they have a strong sense of priorities.  When they
need better crypto, then they will know it.  Because the
market will tell them.

> Rich, I know you're a smart guy with great familiarity (and
> contributions to) the field, and I know you're not a kook, but
> your comment sure would have set off my kook alarm if I didn't
> know you personally.

It's not the first time that entrepreneurs have been
called kooks :-)  It generally happens before they are
successful, though.


[1] I'm ignoring the placement of the apostrophe for the

[2] We can argue the detail, but my point here is that the
barrier to entry is too high, so ignoring the guild is the
most likely result.  That said, here are some points.

It's nice that the literature is open and available.  What
is not nice is how much there is of it.  It's nice that
there is a lot of code available, and complete protocols
to boot.  What is not nice is that there is no easy way
to work out which code to use, and the protocols are not
so easy to understand.  It's nice that we have an open
community that discusses these things.  What is not nice
is that, in trying to determine the one path, the advice
of the community reduces to useless baubles like "use SSL"
or "why did you do that?"  It's great that the community
has standards, but those standards seem to be excessive
in the extreme.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to