[curves] Second day NIST workshop notes

Watson Ladd
Mon Jun 15 08:10:40 PDT 2015

On Jun 15, 2015 4:24 AM, "Johannes Merkle"
> Watson Ladd wrote on 12.06.2015 at 22:36:
> > The reality is that most people invited don't care about security, but
> > the appearance of security. This was very
> > explicit when the Brainpool guy was complaining about Tanja Lange's
> > article and blamed the problems with standards on
> > incompetent implementors.
> This statement of yours is utterly wrong and comes close to an insult.
> How can you deliver such a judgment when you
> haven't even talked to these people?

Unfortunately there isn't a transcript of the proceedings that I've found,
so I'll have to rely on my fallible memory.

But I distinctly recall complaining about Tanja's article at the second
panel. Not complaints about its accuracy, but that its publication put
unjustified suspicion on Brainpool. In fact during the weekend I heard
almost as much about "trust" as security, with a great deal of discussion
about how NIST needs to restore trust, etc. but very little about how NIST
needs to help ensure security.

The second exchange blamed the security issues with ECC on incompetent
implementors. This sounds good, but ignores the reality: over the past year
and a half there have been critical bugs in many TLS stacks resulting from
the sort of flaws Curve25519 was designed to deal with. I only heard one
presentation mention this fact. Does blaming incompetent implementors come
close to dealing with this situation?

The fact is that Internet crypto is mostly software and mostly nonexistent.
Hardware makes for a tiny fraction of TLS clients, slightly higher for
servers. The idea that Heartbleed will lead to everyone rushing out and
purchasing EAL4+ TLS termination hardware ignores the reasons why OpenSSL
is used in the first place.

If the participants were actually focused on improving the security of
Internet traffic they would focus on understanding why crypto
implementations have problems, and why these problems persist.

Watson Ladd

