Practice Cryptography!

Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.

Friday, April 11, 2008

 

One of the largest issues that I have with the current spate of specifications is the need that specification writers seem to have to encode policy into what really should be simply a technical specification.

As an example, TLS requires that any server that wishes to ask for client authentication identify and provide its authentication credentials first.  For a peer-to-peer protocol, though, this is inappropriate -- if someone connects to me and asks me for services, I want to know who they are before I make any decision whether to even tell them who I am.

Now, the issues involved are complex, and I can understand why they didn't want to allow it -- but the fact remains that an otherwise perfectly useful protocol has been rendered perfectly not, simply because they wanted to make sure that there was no way that the protocol could be used to attack people who were trying to connect to bank sites with SSL/TLS and having their credential information harvested by some rogue in-between.

Grr.
