[cryptography] the spell is broken

Nico Williams nico at cryptonector.com
Fri Oct 4 20:32:37 EDT 2013

On Fri, Oct 4, 2013 at 6:55 PM, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
>> b) algorithm agility is useless if you don't have algorithms to choose
>> from, or if the ones you have are all in the same "family".
> Yep.
> And even though that was the excuse for including Dual_EC_DRBG among the
> other DRBGs, doesn't take away from what you say.

I've never seen this reason given as an excuse for having Dual_EC
(though I can believe it).  I was referring to ciphersuites anyways;
one does not negotiate RNGs, after all!  (But, yes, RNG frameworks
should be pluggable.)

> I would add a third.
> c) The set of suites need to be maintained over time, with a clear way to
> signal deprecation and to bring new things in. If we are stuck with the
> same set of suites that we had 15 years ago, everything in there may age
> badly.

Legacy is a difficult problem.  We should be less afraid to cut old
things off, but... it always proves too risky, so instead we hobble
along until the risk of continuing to allow very old legacy code to
interop overwhelms the risk of disabling interop with said old code.
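Added illustration (not part of the thread, and not code from either poster): a toy ciphersuite negotiation that makes points (b) and (c) concrete. The suite catalogue, its names and its "current"/"legacy"/"disabled" statuses are constructed for this example and do not describe any real registry. Server preference order wins, disabled suites are never chosen, and a deprecated suite is still negotiable for interop but is reported loudly so the legacy risk Nico describes is visible rather than silent; the agility check shows that a list of suites all in one cipher family offers no real fallback.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Suite:
    name: str
    kex: str      # key-exchange family
    cipher: str   # symmetric cipher / AEAD family
    status: str   # "current", "legacy" (deprecated, still negotiable) or "disabled"


# Constructed catalogue for this example; names and statuses are illustrative
# (an assumption of the example, not a real registry or the posters' advice).
CATALOGUE: Dict[str, Suite] = {
    "ECDHE-AES256-GCM":        Suite("ECDHE-AES256-GCM", "ECDHE", "AES-GCM", "current"),
    "ECDHE-CHACHA20-POLY1305": Suite("ECDHE-CHACHA20-POLY1305", "ECDHE", "CHACHA20-POLY1305", "current"),
    "ECDHE-AES128-GCM":        Suite("ECDHE-AES128-GCM", "ECDHE", "AES-GCM", "current"),
    "RSA-AES128-CBC":          Suite("RSA-AES128-CBC", "RSA", "AES-CBC", "legacy"),
    "RSA-3DES-CBC":            Suite("RSA-3DES-CBC", "RSA", "3DES-CBC", "disabled"),
}


def negotiate(server_pref: List[str], client_offer: Iterable[str],
              allow_legacy: bool = True) -> Tuple[Optional[str], List[str]]:
    """Pick the first suite in the server's preference order that the client
    also offers.  Disabled suites are never chosen; legacy suites are chosen
    only when allow_legacy is set, and then with a warning so the deprecation
    is signalled rather than hidden.  Returns (suite name or None, warnings)."""
    warnings: List[str] = []
    offered: Set[str] = set(client_offer)
    for name in server_pref:
        if name not in offered:
            continue
        suite = CATALOGUE.get(name)
        if suite is None or suite.status == "disabled":
            continue
        if suite.status == "legacy":
            if not allow_legacy:
                warnings.append(f"{name} skipped: deprecated and legacy disallowed")
                continue
            warnings.append(f"{name} selected: deprecated, plan its removal")
        return name, warnings
    warnings.append("no acceptable common suite")
    return None, warnings


def cipher_families(names: Iterable[str]) -> Set[str]:
    """Distinct symmetric-cipher families among the given suites."""
    return {CATALOGUE[n].cipher for n in names if n in CATALOGUE}


def has_real_agility(names: Iterable[str]) -> bool:
    """Point (b): a suite list only gives a fallback if its non-disabled
    members span more than one cipher family."""
    live = [n for n in names if n in CATALOGUE and CATALOGUE[n].status != "disabled"]
    return len(cipher_families(live)) > 1


if __name__ == "__main__":
    server = ["ECDHE-CHACHA20-POLY1305", "ECDHE-AES256-GCM",
              "RSA-AES128-CBC", "RSA-3DES-CBC"]
    print(negotiate(server, ["ECDHE-AES256-GCM", "ECDHE-CHACHA20-POLY1305"]))
    print(negotiate(server, ["RSA-AES128-CBC"]))
    print(negotiate(server, ["RSA-AES128-CBC"], allow_legacy=False))
    print(has_real_agility(["ECDHE-AES256-GCM", "ECDHE-AES128-GCM"]))
```

The allow_legacy switch is the knob the last paragraph is about: flipping it off is the moment an operator decides that refusing old peers is less risky than continuing to talk to them, and the warnings list is the "clear way to signal deprecation" that makes that decision possible before it is forced.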

