Re: Security Problems

Brad Knowles (brad@azathoth.ops.aol.com)
Tue, 5 Mar 1996 19:50:51 -0500

On Mar 5,  4:31pm, Terry Ritter wrote:

> By reducing the information under any one cipher,
> we make real attacks on each cipher much less profitable, and
> thus less likely.  This helps everybody.  And, since it seems to
> be *impossible* to prove any practical cipher secure, it is hard
> to imagine selecting any particular cipher as a standard.

    One of the fundamental problems that we have today is that we have
too many standards.  Having a multitude of encryption algorithms that
everyone must support is just going to cause a combinatorial explosion
of the complexity of the programs implementing those algorithms and
the security based on those algorithms.  At the workshop, Dave Crocker
explicitly noted that this fact has already been the virtual death of
one "secure email" standard.

    This is why we need to have a central registry that defines how we
determine what encryption algorithms (and associated algorithms) are
used, and how to process public keys.  It's relatively easy to swap
out large numbers of public keys if the underlying algorithm is
determined to be insecure, but if any initial channel is assumed to be
secure because of some inherent algorithm that was designed into the
standard, then that is the weakest point of the whole system, and
therefore will get the most attention.  Once you break that initial
channel that is assumed to be secure, everything else falls.


    During the initial phases of acquiring public keys and attempting
to determine what encryption algorithms can be supported by both ends,
you cannot assume that the negotiations themselves will take place in
a secure medium or with a trusted partner at the other end, so you
have to use methods that establish their own security and trust
through procedures and zero knowledge proofs in the clear.  If you
want to add a layer of link-level encryption on top of that, so be it.
But the standard must not depend on it.


    Publishing what encryption algorithm you support for your public
key in a central registry is exposing yourself on only one algorithm.
Answering "I don't understand any of those algorithms, but here's a
complete list of the ones I do" is unnecessarily exposing yourself to
risk of a spoofing attack from the other side.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator          <http:www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148
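The two negotiation styles contrasted in the message above, modelled as an added example; this is not code from Brad Knowles' post or from any of the standards under discussion. The suite labels, key identifier and registry contents are constructed for illustration and are not real algorithm identifiers. The open-list variant shows why answering with a complete list of supported algorithms in the clear lets a party on the path rewrite that list unnoticed; the registry-pinned variant shows how recording a single algorithm per public key turns the same rewrite into a refused connection.

```python
"""Toy model of open-list versus registry-pinned algorithm negotiation.

Everything here is constructed for illustration: the suite names, the
registry contents and the key identifier are made up, not real
algorithm or suite identifiers.
"""

# Each side's supported algorithms, strongest first (constructed labels).
CLIENT_SUPPORTED = ["suite-strong", "suite-medium", "suite-legacy"]
SERVER_SUPPORTED = ["suite-strong", "suite-legacy"]

# A central registry that records exactly one algorithm per public key
# (constructed; a real one would be distributed and authenticated).
REGISTRY = {"key:server-1": "suite-strong"}


def pick_common(offer, supported):
    """Return the first entry of `offer` that `supported` also lists."""
    for suite in offer:
        if suite in supported:
            return suite
    return None


def negotiate_open_list(client_supported, server_supported, in_path=None):
    """Open-list negotiation in the clear: the client sends its whole list
    and the server picks. Nothing binds the list to the sender, so a party
    sitting on the path can rewrite it and neither end can tell."""
    offer = list(client_supported)
    if in_path is not None:
        offer = in_path(offer)          # the list the server actually sees
    return pick_common(offer, server_supported)


def negotiate_registry_pinned(client_supported, server_key_id, claimed, registry):
    """Registry-pinned negotiation: the client looks up the single algorithm
    registered for the server's public key and accepts only that one.
    `claimed` is what the peer says it supports; a claim that disagrees
    with the registry is refused instead of silently accepted."""
    expected = registry.get(server_key_id)
    if expected is None or expected not in client_supported:
        return None                     # unknown key, or an algorithm we cannot speak
    if claimed != expected:
        return None                     # peer's claim contradicts the registry
    return expected


def strip_to_weakest(offer):
    """Model of a rewriting party that drops every suite except the weakest."""
    return [offer[-1]]


if __name__ == "__main__":
    print("open list, honest path:  ",
          negotiate_open_list(CLIENT_SUPPORTED, SERVER_SUPPORTED))
    print("open list, rewritten:    ",
          negotiate_open_list(CLIENT_SUPPORTED, SERVER_SUPPORTED, strip_to_weakest))
    print("registry, honest claim:  ",
          negotiate_registry_pinned(CLIENT_SUPPORTED, "key:server-1", "suite-strong", REGISTRY))
    print("registry, forged claim:  ",
          negotiate_registry_pinned(CLIENT_SUPPORTED, "key:server-1", "suite-legacy", REGISTRY))
```

The open-list run ends on `suite-legacy` when the offer is rewritten, and both ends believe that was the best common choice; the registry-pinned run returns `None` for the same rewrite, because the registry entry, not the peer's claim, fixes what the client will accept. The registry itself is the one thing that still has to be trusted, which is exactly the point the message makes about keeping that initial channel as small as possible.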