Re: [Cfrg] draft-irtf-cfrg-dragonfly document status

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 09 October 2014 02:02 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "'cfrg@irtf.org'" <cfrg@irtf.org>
Thread-Topic: [Cfrg] draft-irtf-cfrg-dragonfly document status
Thread-Index: Ac/jZRJm/JHh8KuIQ2Ogq3JzevkqGg==
Date: Thu, 09 Oct 2014 02:02:25 +0000
Message-ID: <9A043F3CF02CD34C8E74AC1594475C739B9C583C@uxcn10-tdc05.UoA.auckland.ac.nz>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/3MA8O70BBO3uuGp9wSbZZw0VMA0
Subject: Re: [Cfrg] draft-irtf-cfrg-dragonfly document status

Watson Ladd <watsonbladd@gmail.com> writes:

>I'm questioning the ability of market participants to evaluate cryptography.

Market participants are almost totally unable to evaluate cryptography,
because they're bankers, shopkeepers, hardware engineers, software developers,
and so on, not security geeks.  In my experience of dealing with lots (and
lots and lots) of users of crypto, products are evaluated, in the rare cases
when they're evaluated on something other than "this is what the vendor sold
us", as:

1. The standard says do this (with a side-order of "we've always used double
   rot-13 and if you squint at the standard just right then there's nothing
   there prohibiting this so we'll keep using it", which is why I've been an
   advocate of strong MUST NOTs in standards in the past).

2. We ran a speed test and their AES is 15% faster than your AES, we'll go
   with their TLS/SSH/SMIME/whatever stack.

Occasionally if they're a very large corporate or bank they'll hire in a star
mathematician from somewhere who'll advise them on what crypto to use, which
will invariably be something whose ideal target platform is a slide projector.

So, market participants cannot, and more importantly should not be required
to, evaluate crypto.  That's what we're here for.  If we can't do that then
we're not doing our job.

Peter.