
Re: [Cfrg] RE: Where's the beef?



au contraire, mon ami. 

The best way to get the best minds to look at the problem for free is to
write a bad standard. 

The fame for breaking a standard (à la RC-4 and thus WEP, A5 and thus
GSM, CBC padding and thus SSL, IPSEC and WTLS) is very seductive to the
people that do this for a living. It is also a very embarrassing and
humbling experience that I do not want to be a party to.

What http://www.siswg.org has done is to pose a specific problem to the
crypto community so that the real cryptographers look at it. We have
been successful with a call for algorithms
http://www.cryptobroker.com/index.php?project=2 at getting several of
the top names in crypto modes to look at the problem for free, and we
also hope that they will come and present at a large workshop
http://www.ieee-tfia.org/sisw2002/index.html. We hope to standardize at
least one of the solutions.

Stating the problem in more cryptographic terms so that an algorithm
can be found (if it exists) or built, and casting a wide net, will, I
believe, result in a better outcome than the usual committee
approach.

cfrg@ietf.org is nice and it will bring added light on the process and
help a group be sure they are not making a real bonehead move, but a
review by this list would not be enough to have caught the RC-4, A5 or CBC
weaknesses. The review may have resulted in opinions that "I would not
have done it this way" but I doubt that in these cases these
opinions would have swayed the committee away from their "decision". I
doubt if paying people to do the research will provide anything more
than similar opinions and committees with similar final (non) decisions.

I believe a better way is to try to educate the committees on how to
engage the crypto community before they get their feet cemented in a
particular solution, and if we can do this, then this will be a valuable
result.

Thanks. 

jim




On Fri, 2002-08-30 at 13:50, Alex Alten wrote:
> At 10:58 AM 8/30/2002 -0700, David A. Mcgrew wrote:
> >> Do you have a budget to do serious stuff?
> >
> >What do you have in mind?  Is there something that you'd like to see
> >discussed or reviewed?
> >
> 
> You side-stepped my budget question.  So I assume no money is available.
> This is a pity, because the best minds in the crypto world will not work
> for free, unlike the usual university or corporate lab network programmer
> in an IETF WG.  This will make it difficult to produce anything useful
> here.  As a practical matter we will need to back up our RFC's with
> outside analysis.  This can be costly (although I suppose we would get
> discounts).
> 
> Good luck (raising cash),
> 
> - Alex
> 
> 
> 
> --
> 
> Alex Alten
> Alten@ATTBI.com
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/cfrg