On Mon, Dec 22, 2008 at 04:40:27PM -0800, David Schwartz wrote:

> > > Why not use the RSA key for this purpose, using an established
> > > and tested algorithm? Since you have the RSA key, and there are
> > > any number of established algorithms to use an RSA key for
> > > encryption, why did you roll your own?
> >
> > This too is wrong,
>
> If it's wrong, why did you say the same thing I did after claiming I was
> wrong?
>
> > one does not "use RSA" for this purpose, one uses an
> > established protocol, CMS, S/MIME, PGP, ... when the file is encrypted by
> > Alice for delivery to Bob, or a reputable symmetric PBE (password based
> > encryption) when Alice is encrypting the file for later use by Alice and
> > integrity protection is not required.
>
> This is precisely the same thing I said, just in different words. Neither of
> us suggested using RSA directly, and both of us suggested using an
> established mechanism that uses the RSA key.

I believe the extra words around "use RSA" matter. Nothing personal...
Mostly I really want to see the word "protocol" used in place of
"algorithm", because the former are methods of using the latter to
achieve well understood security goals, while the latter are just
building blocks. If we are careful in our use of language, it is
easier to get the point across.

- Don't choose algorithms for security, choose protocols for security.

- The right protocol will have a sensible set of algorithms to go
  with it, in some cases choose the appropriate subset of parameters
  within the protocol to yield the right security, performance and
  interoperability tradeoffs.

- Do not be tempted to design new algorithms (most IT people know this).

- Do not be tempted to design new protocols (most IT people don't know this).

-- 
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
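
The following is an added example, not part of the original thread or the OpenSSL project's own code: the "Alice encrypts a file for Bob" case handled by an established protocol (CMS) through the `openssl cms` command, so the RSA key only wraps a random content key. The file names, the certificate subject and the sample plaintext are constructed for the illustration.

```shell
#!/bin/sh
# Added example: Alice -> Bob file encryption with CMS, using Bob's RSA key.
# File names, subject name and plaintext are constructed for illustration.

# Bob's RSA key plus a self-signed certificate carrying the public key.
make_bob_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Bob (constructed example)" \
        -keyout "$1/bob.key" -out "$1/bob.crt" 2>/dev/null
}

# Alice: CMS picks a random AES-256 key, encrypts the file with it, and
# wraps that key with the RSA public key from bob.crt (EnvelopedData).
cms_encrypt_for_bob() {
    openssl cms -encrypt -binary -aes-256-cbc \
        -in "$1/plain.txt" -outform DER -out "$1/msg.cms" "$1/bob.crt"
}

# Bob: unwrap the content key with his private key and decrypt the file.
cms_decrypt_as_bob() {
    openssl cms -decrypt -binary -inform DER -in "$1/msg.cms" \
        -recip "$1/bob.crt" -inkey "$1/bob.key" -out "$1/roundtrip.txt"
}

# Full round trip in a scratch directory; returns 0 only if Bob recovers
# exactly what Alice encrypted.
roundtrip_demo() {
    dir=$(mktemp -d) || return 1
    # 4096 bytes: far more than one raw RSA-2048 operation can carry
    # (at most 245 bytes with PKCS#1 v1.5 padding), which is one reason
    # the protocol, not the bare algorithm, is the thing to choose.
    head -c 4096 /dev/zero | tr '\0' 'A' > "$dir/plain.txt"
    make_bob_identity "$dir" \
        && cms_encrypt_for_bob "$dir" \
        && cms_decrypt_as_bob "$dir" \
        && cmp -s "$dir/plain.txt" "$dir/roundtrip.txt"
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_demo && echo "CMS round trip OK"
```

CMS EnvelopedData with a CBC cipher provides confidentiality only; when the recipient must also detect tampering, the message needs to be signed as well (for example with `openssl cms -sign`).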