On Wed, Jun 22, 2011 at 8:17 AM, Peter Gutmann <[email protected]> wrote:
> Marsh Ray <[email protected]> writes:
>
>>Right, so one of the lessons learned here was that if IETF had considered
>>APIs and not just protocols those bugs in TLS would have been found long ago.
>
> A pen-tester I know once found a (fairly serious) security hole under the
> influence of (equally serious) pharmaceuticals, but I wouldn't recommend the
> IETF adopting that as a design strategy, just as I'd be pretty terrified of
> the result of the IETF trying to standardise a crypto API. If you look at the
> history of all the widely-used crypto APIs:
>
> Crypto API designed by an individual or a single organisation:
>
> CryptoAPI: A handful of guys at Microsoft
> PKCS #11: Someone at RSA (I've heard different stories).
> JCE: A couple of guys at Sun.
> OpenSSL: Using the term "designed" very loosely :-), Eric Young and Tim
> Hudson.
>
> Crypto API designed by a committee:
>
>
>
>
> QED, I think.

Apparently the esteemed Mr. Gutmann is too modest to include cryptlib. And Wei Dai's Crypto++ API probably should be in that list as well. (Jack Lloyd's Botan was already mentioned in a separate post, but should be included too.)

However, I'm not sure the assumption that CICM is being designed by committee because it is seeking to go the IETF working group route is a valid one. For one, Lev mentioned that it arose from work that Mitre did for the Air Force, which means there is at least some basis for previous design, and I'd bet that it was designed by a relatively small development team. If anything, I would think that CICM seeking the path of an IETF working group in order to be standardized would parallel the path that was followed by GSS-API en route to RFC 2743, and before that RFC 2078, and before that RFC 1508. (I was not involved in any of those RFCs, but I presume that they also went through some similar process with an IETF working group, no?)

Besides, if anything, I think that crypto APIs would suffer more from too little involvement from professional cryptographers than from too much involvement. (Or are professional cryptographers the type of people that if you back 5 of them into a corner they will have at least 8 different opinions amongst themselves? ;-)

Anyhow, excuse my ignorance, but wouldn't time be better spent critiquing the actual proposed CICM draft specification at http://datatracker.ietf.org/doc/draft-lanz-cicm/?include_text=1 rather than setting up and knocking down seemingly straw-man arguments?

Thanks for hearing out a crypto novice.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents."
-- Nathaniel Borenstein

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
