RE: [Cfrg] Re: [saag] Algorithm upgrades

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

I will take a different position here:

1) There is no point in having the ability to use multiple algorithms unless
you have a fully thought out mechanism for a transition to a new algorithm
without a flag day on the installed base.

2) Since (1) is almost never acomplished most cases where multiple
algorithms are specified lead to a net loss of security.


This is not the only case where the ideology of security goes astray when it
meets reality unless the correct side conditions are also met. In theory
open source code should have less security bugs than closed. In practice
this is only the case if a) the open-ness of the code actually leads to
serious security review and 2) the bugs get fixed. The side conditions must
be met for the argument to hold.


I think that it would be good to have a set of generally understood status
levels for algorithms and a commonly agreed process for making and
withdrawing recommendations. I disagree with the notion that the best way to
achieve this would be to try to establish this in IETF process. While the
IETF would be a good place for such a process to end up I don't think that
there is any appetite for institutional innovation. We have been talking
about something of this sort for 5 years or so without anything ever
happening.

What I suggest is done instead is that the process be established outside
IETF process by an industry cabal. After running the process for some time,
getting the kinks worked out etc it would be turned over to some standards
body for ongoing mantenance as a turnkey operation.


		Phill

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg