Bill Trost wrote:
> Lucky Green writes:
> > Be it SSH, TLS, or an abomination such as IKE, the inevitable
> > consequence of providing a choice of cryptographic algorithms is
> > that the weakest algorithm will stay around forever. In addition,
> > implementing the algorithm negotiation tends to be the *vast*
> > majority of the crypto-related work. Implementing such a negotiation
> > securely is one of the true challenges in practical cryptography.
> >
> > There is one very profound and fundamental conclusion that can be
> > drawn from looking at the past efforts that involved implementing
> > negotiating the cryptographic algorithms: don't!
>
> Good advice.
>
> Alternatively, since there have been two (or three and a half, counting
> IKE) implementations of algorithm negotiation, Freenet could just use one
> of those. You'd think it would save *someone* (say, Scott), a lot of
> work.
Unfortunately, using an existing algorithm negotiation mechanism does nothing to address the first concern (weakest algorithms will stay around and, since there is a choice of stronger algorithms, somebody *will* add a weak algorithm "because there is no harm done since stronger algorithms exist and can be negotiated").

Nor does using an existing algorithm negotiation mechanism address a good chunk of the second concern (which wasn't explicitly mentioned in my original post): testing requirements in their various forms (interop, conformance, etc.) will increase /substantially/ even if existing methods are used.

IMNSHO, the only good algorithm choice is no algorithm choice. At least if reliability, interoperability, and time-to-market are considered desirable properties of the system.

--Lucky

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
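The thread's claim that negotiation is "one of the true challenges" is easiest to see with a toy handshake. The following is an added illustration, not code from the thread or from Freenet: a client offers a list of suites, the server picks the strongest one it shares, and both sides then compute a MAC over the negotiation transcript so that an offer list altered in transit is detected rather than silently accepted. The suite names, the strength ranking, and the pre-shared `key` are constructed for the demo (a real protocol would derive the binding key from its key exchange, as TLS does for its Finished messages); `tamper` is a hypothetical hook that simulates an in-path modification of the offer.

```python
import hmac
import hashlib

# Constructed strength ranking for the demo; higher is stronger.
STRENGTH = {"aes256-gcm": 3, "aes128-cbc": 2, "export-rc4-40": 1}


def choose(offered, supported):
    """Server-side selection: strongest suite present in both lists."""
    common = [s for s in offered if s in supported]
    if not common:
        raise ValueError("no mutually supported suite")
    return max(common, key=lambda s: STRENGTH[s])


def transcript_mac(key, offered, chosen):
    """Bind the offer list and the chosen suite into one authenticated value.

    Each side computes this over the transcript *it* saw; if an intermediary
    edited the offer, the two values will not match.
    """
    transcript = ("|".join(offered) + "->" + chosen).encode()
    return hmac.new(key, transcript, hashlib.sha256).hexdigest()


def handshake(client_offer, server_supported, key, tamper=None):
    """Run the toy negotiation.

    Returns (chosen_suite, transcript_verified). A protocol that skips the
    transcript check would proceed with chosen_suite regardless, which is the
    silent-downgrade failure the thread warns about.
    """
    # What the server receives; `tamper` simulates an in-path modification.
    seen = tamper(list(client_offer)) if tamper else list(client_offer)
    chosen = choose(seen, server_supported)
    server_mac = transcript_mac(key, seen, chosen)          # over what the server saw
    client_mac = transcript_mac(key, client_offer, chosen)  # over what the client sent
    verified = hmac.compare_digest(server_mac, client_mac)
    return chosen, verified


# Constructed demo inputs.
CLIENT_OFFER = ["aes256-gcm", "aes128-cbc", "export-rc4-40"]
SERVER_SUPPORTED = {"aes256-gcm", "aes128-cbc", "export-rc4-40"}
DEMO_KEY = b"constructed-demo-key"


def strip_to_weakest(offer):
    """Simulated in-path edit: leave only the weakest entry in the offer."""
    return [s for s in offer if s == "export-rc4-40"]


if __name__ == "__main__":
    print(handshake(CLIENT_OFFER, SERVER_SUPPORTED, DEMO_KEY))
    print(handshake(CLIENT_OFFER, SERVER_SUPPORTED, DEMO_KEY, tamper=strip_to_weakest))
```

The unaltered run negotiates `aes256-gcm` with a matching transcript MAC; the altered run lands on `export-rc4-40` and the MACs disagree, which is the check that turns a quiet downgrade into a detectable failure. Note how much of the code is the binding and verification rather than the cryptography itself, and how the weak suite only matters because it is still in the lists at all; removing the choice removes both the check and the test matrix that goes with it.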
