DH Support and Marketing
paul at ciphergoth.org
Wed Jun 22 01:12:26 PDT 2005
I wrote a long and detailed point-by-point response to this, but my
browser ate it, so you're spared.
In this mail, you seem to be arguing for making DH mandatory on two grounds:
(1) We should follow the norm
(2) It makes advocacy easier.
However, the "norm" would be to use SSL certificates (or some similar
central issuer) to authenticate the servers. The norm is certainly not
to agree an encryption key while making no effort to authenticate the
parties involved! In fact, to those a little more sophisticated,
unauthenticated DH seems exactly as strange and ridiculous at first
glance as sending the keys in plain text is to you.
OpenID has made the decision not to insist that servers get SSL
certificates, because that would kill it stone dead. So we've already
left the "norm" way behind. What tradeoffs we make between security and
adoption in this largely uncharted territory is up to us.
On the second point, I shall entertain no arguments based on the ease of
advocacy. At that point, you're no longer arguing on the grounds that
it's needed for security, but on the grounds that those who don't know
much about it might think it was. Designing a secure yet usable system
is hard enough as it is without having to add go-faster stripes.
When I proposed that we support no encryption on the authentication key
fetch, you argued in favour of it by presenting a plausible, if somewhat
contrived, scenario in which having DH would make a geniune difference,
and that was largely what won it a place in the protocol. Please return
to this laudible practice of arguing on the basis of real security benefits.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis