Re: Draft of workshop notes

Brad Knowles (brad@azathoth.ops.aol.com)
Tue, 12 Mar 1996 16:21:08 -0500

On Mar 12,  1:25pm, Nicolls, J. Weston wrote:

> I take issue with your take on "algorithm specified".  Though the MSP spec 
> that is available now includes info on how the Fortezza algs are to be used 
> with MSP, they are not specified/required for the use of MSP.  MSP can 
> stand alone from the algs (this will be clearer once SDN.701 rev 4 gets put 
> into a draft RFC).  If an implementer includes MSP in a UA with RSA and IDEA 
> as the only algs, they can do so without also implementing the Fortezza algs 
> (implementation would get a plus).  Secure PKCS specifies the implementation 
> of a specific 'weak' 40 bit algorithm. Secure PKCS is viewed as unsecure per 
> your criterion (gets a minus).  PGP gets a plus.  MSP gets a blank because it 
> does not specify that you must implement a particular algorithm.  The 
> cryptographic strength of MSP is undefined by the protocol.  It depends.

    By definition then, the implementations are not guaranteed
interoperable, nor are they guaranteed secure (a version of MSP could be
used with insecure encryption algorithms).  I think they fail all
three of Raph's tests.

    I suspect that my tests of publicly reviewed cryptographic
algorithms and freely available reference implementations are likewise
failed by MSP, because the protocol doesn't specify what the minimum
standard implementation is.


    Perhaps the best thing would be a companion (implementation?)
document that could be pointed to by the "official" MSP spec that says
what the current minimum standard implementation can consist of, in
terms of encryption algorithms, types of certificates that must be
supported, etc....

> Based on the above, then the exportability of MSP depends on the 
> implementation also (gets a blank).

    Yup.

> Also, grading of algs depends on who the customer trusts for the evaluation.

    I think this is pretty much self-defined by the best available
cryptographic experts.  If there is wide consensus that something is
insecure (such as RC2 at 40 bits), then it is "insecure".  I think
this is called "best available practice", or somesuch.

-- 
Brad Knowles                           MIME/PGP: BKnowles@aol.net
    Mail Systems Administrator        <http://www.his.com/~brad/>
    for America Online, Inc.                   Ph: (703) 453-4148

	PGP keys available from pgp-public-keys@pgp.ai.mit.edu