On 10/9/13 at 7:12 PM, watsonbl...@gmail.com (Watson Ladd) wrote:
> On Tue, Oct 8, 2013 at 1:46 PM, Bill Frantz <fra...@pwpconsult.com> wrote:
>> ... As professionals, we have an obligation to share our
>> knowledge of the limits of our technology with the people who
>> are depending on it. We know that all crypto standards which
>> are 15 years old or older are obsolete, not recommended for
>> current use, or outright dangerous. We don't know of any way
>> to avoid this problem in the future.
>
> 15 years ago is 1997. Diffie-Hellman is much, much older and still
> works. Kerberos is of similar vintage. Feige-Fiat-Shamir is from 1988,
> Schnorr signature 1989.

When I developed the VatTP crypto protocol for the E language
<www.erights.org> about 15 years ago, key sizes of 1024 bits
were high security. Now they are seriously questioned. 3DES was
state of the art. No widely distributed protocols used
Feige-Fiat-Shamir or Schnorr signatures. Do any now? I stand by

>> I think the burden of proof is on the people who suggest that
>> we only have to do it right the next time and things will be
>> perfect. These proofs should address:
>> New applications of old attacks.
>> The fact that new attacks continue to be discovered.
>> The existence of powerful actors subverting standards.
>> The lack of a "did right" example to point to.
>
> ... long post of problems with TLS, most of which are valid
> criticisms deleted as not addressing the above questions.
>
> Protocols involving crypto need to be so damn simple that if it
> connects correctly, the chance of a bug is vanishingly small. If we
> make a simple protocol, with automated analysis of its security, the
> only danger is a primitive failing, in which case we are in trouble
I agree with this general direction, but I still don't have the
warm fuzzies that good answers to the above questions might
give. I have seen too many projects to "do it right" that didn't
pull it off.
See also my response to John Kelsey.
Cheers - Bill
Bill Frantz | (408)356-8506 | www.pwpconsult.com
Privacy is dead, get over it. - Scott McNealy
Periwinkle | 16345 | Los Gatos,
The cryptography mailing list