[cryptography] preventing protocol failings
decoy at iki.fi
Mon Jul 4 19:28:10 EDT 2011
(I'm not sure whether I should write anything anytime soon, because of
Len Sassaman's untimely demise. He was an idol of sorts to me, as a guy
who Got Things Done, while being of comparable age to me. But perhaps
it's equally valid to carry on the ideas, as a sort of a nerd eulogy?)
Personally I've slowly come to believe that options within crypto
protocols are a *very* bad idea. Overall. I mean, it seems that pretty
much all of the effective, real-life security breaches over the past
decade have come from protocol failings, if not trivial password ones.
Not from anything that has to do with hard crypto per se.
So why don't we make our crypto protocols and encodings *very* simple,
so as to resist protocol attacks? X.509 is a total mess already, as
Peter Gutmann has already elaborated in the far past. Yet OpenPGP's
packet format fares not much better; it might not have many cracks as of
yet, but it still has a very convoluted packet structure, which makes it
amenable to protocol attacks. Why not fix it into the simplest,
upgradeable structure: a tag and a binary blob following it?
Not to mention those interactive protocols, which are even more
difficult to model, analyze, attack, and then formally verify. In Len's
and his spouse's formalistic vein, I'd very much like to simplify them
into a level which is amenable to formal verification. Could we perhaps
do it? I mean, that would not only lead to more easily attacked
protocols, it would also lead to more security...and a eulogy to one of
the new cypherpunks I most revered.
Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
More information about the cryptography