[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

Marsh Ray marsh at extendedsubset.com
Tue Jun 21 15:10:28 EDT 2011

On 06/21/2011 10:27 AM, Nico Williams wrote:
> Martin Rex found the TLS renegotiation bug independently from Marsh
> Ray by thinking of how the SSPI is used to interface to TLS.  The SSPI
> was so faithful to TLS that it really exposed the bug.

Right, so one of the lessons learned here was that if IETF had
considered APIs and not just protocols, those bugs in TLS would have been
found long ago.

This gets back to the idea of a protocol being developed and blessed as 
"secure" from a crypto perspective, but those who go to implement it do 
so primarily with the goals of simplicity, efficiency, interoperability, 
functionality, and security. There's sometimes a huge DMZ between the 
two mindsets which makes a nice playground for attackers, hackers, and 
Murphy's Law.

- Marsh
