
RE: Last ditch proposal for crypto suites
> Note that some of these systems have GUIs that only allow single 
> choices for the administrator, but send out multiple proposals anyway 
> ("in order to increase interoperability", I am told).

Or maybe so that if an algorithm is compromised we give the attacker the
maximum possible opportunity to exploit it.

My experience dealing with remediation of various crypto failures and bugs
is that the less flexible the end applications are the better the chance
there is of finding an interim fix. For example, recently there was a bug
discovered that made use of the fact that an application had two separate
code paths for dealing with a particular function. There was a serious bug
in one path; however, it is possible to prevent the bug from being exploited in
future by forcing the app to always choose the safe code path.

An algorithm suite compromise is in my view separate from an algorithm
compromise. It is fairly rare that an algorithm is broken completely all in
one go. With MD4 we got five years warning that there was likely a problem.
Even with a protocol as badly broken as WEP, remediation is possible that
makes the attacker's job a lot harder by careful configuration.

While security through obscurity, patch and mend etc are bad design, they
are often the only available practice.

At some point IPSEC (or something like it) is going to be ubiquitous on
cheap devices where recall of faulty product is not an option.

Phill