On Jul 4, 2011, at 7:28:10 PM, Sampo Syreeni wrote:
> (I'm not sure whether I should write anything anytime soon, because of Len
> Sassaman's untimely demise. He was an idol of sorts to me, as a guy who Got
> Things Done, while being of comparable age to me. But perhaps it's equally
> valid to carry on the ideas, as a sort of a nerd eulogy?)
>
> Personally I've slowly come to believe that options within crypto protocols
> are a *very* bad idea. Overall. I mean, it seems that pretty much all of the
> effective, real-life security breaches over the past decade have come from
> protocol failings, if not trivial password ones. Not from anything that has
> to do with hard crypto per se.
>
> So why don't we make our crypto protocols and encodings *very* simple, so as
> to resist protocol attacks? X.509 is a total mess already, as Peter Gutmann
> has already elaborated in the far past. Yet OpenPGP's packet format fares not
> much better; it might not have many cracks as of yet, but it still has a very
> convoluted packet structure, which makes it amenable to protocol attacks. Why
> not fix it into the simplest, upgradeable structure: a tag and a binary blob
> following it?
>
> Not to mention those interactive protocols, which are even more difficult to
> model, analyze, attack, and then formally verify. In Len's and his spouse's
> formalistic vein, I'd very much like to simplify them into a level which is
> amenable to formal verification. Could we perhaps do it? I mean, that would
> not only lead to more easily attacked protocols, it would also lead to more
> security...and a eulogy to one of the new cypherpunks I most revered.
> --
Simplicity helps with code attacks as well as with protocol attacks, and the
former are a lot more common than the latter. That was one of our goals in JFK:
@inproceedings{aiello.bellovin.ea:efficient,
author = {William Aiello and Steven M. Bellovin and Matt Blaze and
Ran Canetti and John Ioannidis and Angelos D. Keromytis and
Omer Reingold},
title = {Efficient, {DoS}-Resistant, Secure Key Exchange for
Internet Protocols},
booktitle = {Proceedings of the ACM Computer and Communications
Security (CCS) Conference},
year = 2002,
month = {November},
url = {https://www.cs.columbia.edu/~smb/papers/jfk-ccs.pdf},
psurl = {https://www.cs.columbia.edu/~smb/papers/jfk-ccs.ps}
}
--Steve Bellovin, https://www.cs.columbia.edu/~smb
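The quoted message proposes fixing the packet format into "the simplest, upgradeable structure: a tag and a binary blob following it". The following is an added illustration of that idea, not code from either poster or from OpenPGP: a tag-length-blob encoding whose parser admits no options and no ambiguity, so that a malformed or overlapping record is rejected instead of being interpreted in one of several ways. The tag numbers, the fixed 4-byte length field, and the one-record-per-tag rule are assumptions made for the example.

```python
"""Minimal 'tag || length || blob' encoding with a strict parser.

Added example (not from the mailing-list thread). Tag values, the
header layout and the size limit are made up for the illustration.
"""
import struct

# Hypothetical tag assignments for the illustration.
TAG_VERSION = 1
TAG_PAYLOAD = 2
KNOWN_TAGS = {TAG_VERSION, TAG_PAYLOAD}

# One fixed header shape: 1-byte tag, 4-byte big-endian length.
# A single length encoding means there is no "short form vs. long form"
# choice for a parser and an encoder to disagree about.
HEADER = struct.Struct(">BI")
MAX_BLOB = 1 << 20  # assumed upper bound, keeps allocations bounded


class EncodingError(ValueError):
    """Raised on any deviation from the one accepted wire shape."""


def encode(records):
    """Serialize [(tag, blob), ...] as concatenated tag||len||blob records."""
    out = bytearray()
    for tag, blob in records:
        if tag not in KNOWN_TAGS:
            raise EncodingError("unknown tag %d" % tag)
        if len(blob) > MAX_BLOB:
            raise EncodingError("blob too large")
        out += HEADER.pack(tag, len(blob))
        out += blob
    return bytes(out)


def decode(data):
    """Parse records strictly: every byte must belong to exactly one record.

    Rejected outright: truncated headers, a length that runs past the end
    of the input, oversized blobs, unknown tags, and a tag that appears
    twice (no 'first wins' / 'last wins' ambiguity for an attacker to use).
    """
    records = []
    seen = set()
    pos = 0
    while pos < len(data):
        if len(data) - pos < HEADER.size:
            raise EncodingError("truncated header at offset %d" % pos)
        tag, length = HEADER.unpack_from(data, pos)
        pos += HEADER.size
        if tag not in KNOWN_TAGS:
            raise EncodingError("unknown tag %d at offset %d" % (tag, pos))
        if tag in seen:
            raise EncodingError("duplicate tag %d" % tag)
        if length > MAX_BLOB:
            raise EncodingError("declared length %d exceeds limit" % length)
        if length > len(data) - pos:
            raise EncodingError("blob runs past end of input")
        records.append((tag, bytes(data[pos:pos + length])))
        seen.add(tag)
        pos += length
    return records


def rejects(data):
    """True if the strict parser refuses `data` (used to check the negative cases)."""
    try:
        decode(data)
    except EncodingError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample message: a version record and a payload record.
    msg = encode([(TAG_VERSION, b"\x01"), (TAG_PAYLOAD, b"hello")])
    print(msg.hex())
    print(decode(msg))
    print("truncated rejected:", rejects(msg[:-1]))
    print("trailing byte rejected:", rejects(msg + b"\x00"))
```

The "upgradeable" part is deliberately boring: a new format revision changes the value carried under the version tag, and a parser accepts only the revision it implements. Unknown tags are an error rather than something to skip over, because a "skip what you don't understand" rule is itself an option that two implementations can apply differently.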
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography