On 5/07/11 9:28 AM, Sampo Syreeni wrote:
> (I'm not sure whether I should write anything anytime soon, because of
> Len Sassaman's untimely demise. He was an idol of sorts to me, as a guy
> who Got Things Done, while being of comparable age to me. But perhaps
> it's equally valid to carry on the ideas, as a sort of a nerd eulogy?)

I don't think I ever met Len, but his words were wise.

> Personally I've slowly come to believe that options within crypto
> protocols are a *very* bad idea.

I think this is an idea whose time may be coming. You might enjoy my thoughts here:

http://iang.org/ssl/hn_hypotheses_in_secure_protocol_design.html

Especially H1 and H3.

> Overall. I mean, it seems that pretty
> much all of the effective, real-life security breaches over the past
> decade have come from protocol failings, if not trivial password ones.
> Not from anything that has to do with hard crypto per se.
>
> So why don't we make our crypto protocols and encodings *very* simple,
> so as to resist protocol attacks? X.509 is a total mess already, as
> Peter Gutmann has already elaborated in the far past. Yet OpenPGP's
> packet format fares not much better; it might not have many cracks as of
> yet, but it still has a very convoluted packet structure, which makes it
> amenable to protocol attacks. Why not fix it into the simplest,
> upgradeable structure: a tag and a binary blob following it?

Yeah. Plus compatibility issues.

> Not to mention those interactive protocols, which are even more
> difficult to model, analyze, attack, and then formally verify. In Len's
> and his spouse's formalistic vein, I'd very much like to simplify them
> into a level which is amenable to formal verification. Could we perhaps
> do it? I mean, that would not only lead to more easily attacked
> protocols, it would also lead to more security...and a eulogy to one of
> the new cypherpunks I most revered.

(I for one am not thrilled about formal verification, but if our goals meet, we can be flexible on the motives.)



iang
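
As an added illustration of the "tag and a binary blob" encoding proposed in the quoted text (not code from either poster): a strict single-record codec in Python with no optional fields, where upgrading means allocating a new tag. The tag registry, the 1-byte tag plus 4-byte big-endian length header, and the size limit are assumptions made for the example.

```python
import struct

# Hypothetical registry: each tag has exactly one meaning. "Upgrading"
# means allocating a new tag, never adding an option to an old one.
KNOWN_TAGS = {0x01: "pubkey-v1", 0x02: "signature-v1", 0x03: "ciphertext-v1"}
HEADER = struct.Struct(">BI")  # assumed layout: 1-byte tag, 4-byte big-endian length
MAX_BLOB = 1 << 20             # assumed upper bound on blob size, in bytes


class ParseError(ValueError):
    pass


def encode(tag, blob):
    if tag not in KNOWN_TAGS:
        raise ValueError("unknown tag")
    if len(blob) > MAX_BLOB:
        raise ValueError("blob too large")
    return HEADER.pack(tag, len(blob)) + blob


def decode(data):
    """Parse exactly one record; any deviation is a hard failure."""
    if len(data) < HEADER.size:
        raise ParseError("truncated header")
    tag, length = HEADER.unpack_from(data)
    if tag not in KNOWN_TAGS:
        raise ParseError("unknown tag 0x%02x" % tag)
    if length > MAX_BLOB:
        raise ParseError("declared length exceeds limit")
    blob = data[HEADER.size:]
    if len(blob) != length:  # rejects both short blobs and trailing bytes
        raise ParseError("length mismatch: declared %d, got %d" % (length, len(blob)))
    return KNOWN_TAGS[tag], blob


def try_decode(data):
    try:
        return decode(data)
    except ParseError as exc:
        return ("rejected", str(exc))


if __name__ == "__main__":
    good = encode(0x02, b"constructed-signature-bytes")  # constructed sample
    for sample in (good, good + b"\x00", b"\x7f" + good[1:], good[:3]):
        print(try_decode(sample))
```

The decoder has one code path per failure and no fallback behaviour, so the set of inputs it accepts can be enumerated directly from the registry.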