[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)
marsh at extendedsubset.com
Tue Jun 21 15:10:28 EDT 2011
On 06/21/2011 10:27 AM, Nico Williams wrote:
> Martin Rex found the TLS renegotiation bug independently from Marsh
> Ray by thinking of how the SSPI is used to interface to TLS. The SSPI
> was so faithful to TLS that it really exposed the bug.

Right, so one of the lessons learned here was that if IETF had
considered APIs and not just protocols those bugs in TLS would have been
found long ago.

This gets back to the idea of a protocol being developed and blessed as
"secure" from a crypto perspective, but those who go to implement it do
so primarily with the goals of simplicity, efficiency, interoperability,
functionality, and security. There's sometimes a huge DMZ between the
two mindsets which makes a nice playground for attackers, hackers, and