[13793] in cryptography@c2.net mail archive
Re: LibTomNet [v0.01]
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jul 9 08:29:38 2003
X-Original-To: cryptography@metzdowd.com
To: tom st denis <tomstdenis@yahoo.com>
Cc: EKR <ekr@rtfm.com>, cryptography@metzdowd.com
Date: Tue, 08 Jul 2003 21:24:27 -0400
From: "Steven M. Bellovin" <smb@research.att.com>
[Moderator's note: I've been choking back the LibTomNet argument but I
thought Steve's specific references here are interesting, even if the
point has already been made. --Perry]
In message <20030707230743.64482.qmail@web41109.mail.yahoo.com>, tom st denis writes:
>
>The RFC looks like it was written by a member of the ACLU and done at
>an hourly rate of some sort. It contains no test vectors, no sample
>source code and generally is not enough information to code a compliant
>SSL protocol.
What does the ACLU have to do with it? "Be liberal in what you accept?"
>
>Not only is my code way smaller than a compliant SSL library but it is
>also simpler. There are only eight functions in LibTomNet and of
>LibTomCrypt you only need a half dozen at most [setup the prng, RSA key
>gen, export/import]. In other words my code is [should be] very easy to
>work with since there is a minimum of clutter to get in the way.
>
Tom, I don't know you, and I don't know what your background in crypto
protocol design is. It's an *exceedingly* subtle art.
A few months ago, I went back and reread the original Needham-Schroeder
paper, from December 1978. It is, as far as I know, the first paper in
the open literature on cryptographic protocols. In it, the authors
warn that they think that this is a very difficult area, and that
subtle flaws will occur. That's one of the more amazing instances of
prescience I've seen.
Let me briefly review the history of that protocol. As I said, it was
published in December, 1978. It had symmetric and asymmetric versions
of the protocol. The latter -- taking into account certificates, which
had not yet been invented -- was only three lines long. In August 1981,
Denning and Sacco published a paper describing a comparatively subtle
flaw in the protocol; they also proposed a fix. In 1994, Abadi and
Needham described a flaw in the Denning/Sacco replacement. (That flaw
might have been described in 1987, but I'm traveling and don't have my
library with me...) In 1996, a new flaw was found in the original
Needham-Schroeder asymmetric variant -- a flaw that was blindingly
obvious once pointed out.
Tell me -- why should anyone trust your new protocol, given the history
of one of the most-studied protocols in the field? SSLv3 has had a lot
of scrutiny. Has yours?
>
>At any rate LibTomNet is not an SSL replacement. It's a library for
>developers who need simple to work with secure sockets.
That's what SSL is.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)