[cryptography] IETF Working Group Charter on Common Interface to Cryptographic Modules (CICM)

James A. Donald jamesd at echeque.com
Tue Jun 21 19:09:50 EDT 2011


On 2011-06-22 3:35 AM, Nico Williams wrote:
> My concern is that we already have a large number of technologies in
> the IETF for establishing channels[*].

We don't have a large number of satisfactory technologies.  Indeed, I 
don't think we have any satisfactory technologies.

Among the problems with existing technologies is that they are overly 
reliant on trusted central authority, that due to layering they induce 
too many unnecessary round trips, that they lack provision for open 
ended protocol negotiation, that they fail to play nice with nat 
traversal, and that they have problems with real time point to point 
communications.

The too many round trips problem leads to people, notably banks, not 
using encryption when they should.  Too many round trips is a major 
factor making bank pages slow and funky, which gives rise to such 
infamous security flaws as the infamous unencrypted landing bank page, 
and the weird no name encrypted bank domain.

Nat traversal problems plus real time problems means that most people 
use roll your own encryption on audio and video calls over the internet, 
for example Skype, or, worse, no encryption at all - the bank landing 
page problem with knobs on.



More information about the cryptography mailing list