[cryptography] the spell is broken

Jon Callas jon at callas.org
Wed Oct 2 18:23:11 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Oct 2, 2013, at 12:26 PM, coderman <coderman at gmail.com> wrote:

> On Wed, Oct 2, 2013 at 10:38 AM, Jared Hunter <feralchimp at gmail.com> wrote:
>> Aside from the curve change (and even there), this strikes me as a marketing message rather than an important technical choice. The message is "we react to a deeper class of threat than our users understand."
> 
> 
> it is simpler than that.  to signal integrity, and provide assurance,
> it is common not just to avoid impropriety, but to avoid the
> _appearance_ of impropriety.
> 
> this change, while not materially affecting security (the weakest link
> in SilentCircle was never the crypto) succeeds in conveying the
> message of integrity as paramount.
> 
> so yes, a marketing message, but a simple one. i have no problem with
> this as long as they're not implying that AES or SHA-2 are broken in
> some respect.

Thank you very much for that assessment.

I'm not implying at all that AES or SHA-2 are broken. If P-384 is broken, I believe the root cause is more that it's old than it was backdoored. 

But it doesn't matter what I think. This is a trust issue.

A friend of mine offered this analogy -- what if it was leaked that the government replaced all of a vaccine with salt water because some nasty jihadis get vaccinated. This is serious and pretty horrifying.

If you're a responsible doctor, and source your vaccines from the same place, even if you test them yourself you're stuck proving a negative and in a place where stating the negative can look like you're part of the conspiracy.

I see this as a way out of the madness. Yes, it's "marketing" if by marketing you mean non-technical. By pushing this out, we're letting people who believe there's a problem have a reasonable alternative. 

If we, the crypto community, decide that the P-384+AES+SHA2 cipher suite is just fine, we can walk the decision back. It's just a software change.

Let me also add that I wouldn't fault anyone for deciding differently. We, the crypto community, need to work together with security and respecting each other's decisions even if we make different decisions and do different things. I respect the alternate decision, to stay the course.

	Jon




-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSTJzTsTedWZOD3gYRAtsxAJ9CPoZjv+shNwID/ip+9KOcWK/JrQCeKuNv
rZmdU8syRIb+6KmX3xqEHt8=
=W3/0
-----END PGP SIGNATURE-----

