Matt Blaze: It is probably no longer acceptable, as it was just a few years ago, to throw together an ad-hoc authentication or key agreement protocol based on informal "obvious" security properties, without a strong proof of security and a clear statement of the model under which the security holds.
For some recent relevant papers, see the ACM-CCS '02 paper my colleagues and I wrote on our JFK protocol (http://www.crypto.com/papers/jfk-ccs.ppt), and Ran Canetti and Hugo Krawczyk's several recent papers on the design and analysis of various IPSEC key exchange protocols (especially their CRYPTO'02 paper).

Eric Rescorla: And I'm trying to understand why. This answer sounds a lot like NIH. Look, there's nothing wrong with trying to invent new protocols, especially as a learning experience. What I'm trying to figure out is why you would put them in a piece of software rather than using one that has undergone substantial analysis unless your new protocol has some actual advantages. Does it?

I imagine the Plumbers & Electricians Union must have used similar arguments to enclose the business to themselves, and keep out unlicensed newcomers. "No longer acceptable" indeed. Too much competition, boys? Who on this list just wrote a report on the dangers of Monoculture?

Rich Schroeppel
(Who still likes new things.)