Re: "Recommended" is a bad word :)

Would it help to augment the existing warning text cited by Vijay with some
_examples_ of published attacks / weaknesses for some of the algorithms?
This would provide a more explicit warning but without purporting to be
exhaustive, up-to-date or chosen according to some particular criteria.

IIUC the concern with the proposed text is that it might give the
impression we're providing exhaustive, up-to-date advice and that we have
some agreed yardstick by which to measure whether a given algorithm should
get a thumbs up or thumbs down.

On the other hand, pointing to some examples to back up our assertion that
designing your own protocols is fraught with danger seems like it would be
helpful.

...Mark

Sent from my iPhone

On May 13, 2014, at 6:05 AM, "Salz, Rich" <rsalz@akamai.com> wrote:

Thank you for your reply.

> I’m not sure that is entirely fair.

Perhaps.  But by reading the public record, and the (tone of) my public
discussions on this list, it’s a plausible conclusion to draw.

> So we’ve opted to take the approach of saying “It’s all scary, so ask an
> expert.”

My point is that experts have already weighed in and pointed out there are
issues with existing uses of certain mechanisms in the way they are
currently used.  Since section 5.2 warns against creating new protocols, it
seems a no-brainer to list items that are known to have problems. If you
think my suggested warning leads to a (sic) false sense of security, then I
would be delighted to see the WG strengthen it to avoid that.

My concern, as I have consistently tried to explain, is that you are
unleashing a general-purpose cryptographic API with no warnings or
practical security advice.  In turn, the response I have consistently
heard is that someone else should do that.  We disagree.

                /r$

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz@jabber.me; Twitter: RichSalz

Received on Tuesday, 13 May 2014 14:10:06 UTC