DH Support and Marketing

Paul Crowley paul at ciphergoth.org
Wed Jun 22 01:12:26 PDT 2005


I wrote a long and detailed point-by-point response to this, but my 
browser ate it, so you're spared.

In this mail, you seem to be arguing for making DH mandatory on two grounds:

(1) We should follow the norm

(2) It makes advocacy easier.

However, the "norm" would be to use SSL certificates (or some similar 
central issuer) to authenticate the servers.  The norm is certainly not 
to agree an encryption key while making no effort to authenticate the 
parties involved!  In fact, to those a little more sophisticated, 
unauthenticated DH seems exactly as strange and ridiculous at first 
glance as sending the keys in plain text is to you.

OpenID has made the decision not to insist that servers get SSL 
certificates, because that would kill it stone dead.  So we've already 
left the "norm" way behind.  What tradeoffs we make between security and 
adoption in this largely uncharted territory is up to us.

On the second point, I shall entertain no arguments based on the ease of 
advocacy.  At that point, you're no longer arguing on the grounds that 
it's needed for security, but on the grounds that those who don't know 
much about it might think it was.  Designing a secure yet usable system 
is hard enough as it is without having to add go-faster stripes.

When I proposed that we support no encryption on the authentication key 
fetch, you argued in favour of it by presenting a plausible, if somewhat 
contrived, scenario in which having DH would make a genuine difference, 
and that was largely what won it a place in the protocol.  Please return 
to this laudable practice of arguing on the basis of real security benefits.
-- 
   __
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
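
The distinction the message draws between key agreement and authentication, as an added simulation that is not part of the original mail or of any OpenID code: unauthenticated DH hides the fetched key from a party that only reads the wire, but not from one that answers in the server's place. The toy prime, the SHA-1/XOR wrapping of the key and all function names are assumptions made for this illustration.

```python
import hashlib
import secrets

# Toy group for illustration only: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    x = secrets.randbelow(P - 3) + 2          # private exponent
    return x, pow(G, x, P)                    # (private, public)

def pad(shared):
    # Assumed construction: hash the DH shared secret into a 20-byte pad.
    return hashlib.sha1(shared.to_bytes(16, "big")).digest()

def xor(a, b):
    return bytes(i ^ j for i, j in zip(a, b))

def server_reply(mac_key, peer_pub):
    # Server wraps the key for whoever sent peer_pub; it cannot tell who that is.
    y, server_pub = keypair()
    return server_pub, xor(mac_key, pad(pow(peer_pub, y, P)))

def unwrap(priv, peer_pub, enc):
    return xor(enc, pad(pow(peer_pub, priv, P)))

def passive_fetch(mac_key):
    """Observer only reads the wire: sees both public values and the wrapped key."""
    x, cpub = keypair()
    spub, enc = server_reply(mac_key, cpub)
    return unwrap(x, spub, enc), (cpub, spub, enc)

def active_fetch(mac_key):
    """On-path party runs one exchange with the server and another with the consumer."""
    x, cpub = keypair()                        # consumer's real key pair
    m, mpub = keypair()                        # intermediary poses as the consumer
    spub, enc = server_reply(mac_key, mpub)
    seen = unwrap(m, spub, enc)                # intermediary now holds the key
    m2, mpub2 = keypair()                      # intermediary poses as the server
    enc2 = xor(seen, pad(pow(cpub, m2, P)))
    return unwrap(x, mpub2, enc2), seen        # consumer notices nothing

if __name__ == "__main__":
    key = secrets.token_bytes(20)              # constructed sample key
    got, wire = passive_fetch(key)
    print("passive: consumer ok:", got == key, "| key on wire:", wire[2] == key)
    got, seen = active_fetch(key)
    print("active:  consumer ok:", got == key, "| intermediary has key:", seen == key)
```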

