Re: [integrity]: latency tradeoffs from Oda, Terri on 2014-01-15 (public-webappsec@w3.org from January 2014)

From: Oda, Terri <terri.oda@intel.com>
Date: Wed, 15 Jan 2014 10:23:30 -0800
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACoC0R-D9vi3Dx3RSoq6C7Yc_v_MQ6+m3N+kQ0mRMQdWfj=fuA@mail.gmail.com>

On Tue, Jan 14, 2014 at 12:08 PM, Adam Langley <agl@google.com> wrote:

> Rather than a balanced binary tree for the Merkle tree, the tree can
> be made completely unbalanced. Specifically, the left child of every
> node is a data chunk and the right node (if any) is an interior node.
> This means that the root hash covers the first chunk and the next
> interior node. If the second chunk is preceded by this interior node,
> and so on, then the whole file is secured with only a single hash per
> chunk.
>

Anything that sounds like "take this existing cryptographic algorithm and
alter it in this way..." is a bit of a red flag in security.   For those of
us not particularly familiar with the Merkle tree and its applications,
could you provide some links that show that cryptographers believe that
this variation is a safe and reasonable way to provide stream verification
of data?

Received on Wednesday, 15 January 2014 18:23:58 UTC