On 7/09/13 09:05 AM, Jaap-Henk Hoepman wrote:

Public-key cryptography is less well-understood than symmetric-key 
cryptography. It is also tetchier than symmetric-key crypto, and if you pay 
attention to us talking about issues with nonces, counters, IVs, chaining 
modes, and all that, you see that saying that it's tetchier than that is a 
warning indeed.

You have the same issues with nonces, counters, etc. with symmetric crypto so I 
don't see how that makes it preferable over public key crypto.

It's a big picture thing. At the end of the day, symmetric crypto is something that good software engineers can master, and relatively well, in a black box sense. Public key crypto not so easily, that requires real learning. I for one am terrified of it.

Therefore, what Bruce is saying is that the architecture should recognise this disparity, and try and reduce the part played by public key crypto. Wherever & whenever you can get part of the design over to symmetric crypto, do it. Wherever & whenever you can use the natural business relationships to reduce the need for public key crypto, do that too!


ps; http://iang.org/ssl/h2_divide_and_conquer.html#h2.4
The cryptography mailing list

Reply via email to