[14386] in cryptography@c2.net mail archive
Re: Monoculture
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Oct  1 16:59:27 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: Guus Sliepen <guus@sliepen.eu.org>
Cc: cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: 01 Oct 2003 16:31:16 -0400
In-Reply-To: <20031001202052.GO715@sliepen.eu.org>
Guus Sliepen <guus@sliepen.eu.org> writes:
> You clearly formulated what we are doing! We want to keep our crypto as
> simple and to the point as necessary for tinc. We also want to
> understand it ourselves.
There is nothing wrong with either goal.
> Implementing our own authentication protocol helps us do all that.
Implementing is fine. Designing, however, may have a world of problems.
> Uhm, before getting flamed again: by "our own", I don't mean we think we
> necessarily have to implement something different from all the existing
> protocols. We just want to understand it so well and want to be so
> comfortable with it that we can implement it ourselves.
That's fine. There is nothing wrong with new implementations. My
biggest concern is with people rolling their own crypto algorithms and
protocols, not with people re-implementing them.
If you are going to implement something on your own, though, may I
strongly encourage you to write your code in a way that is inherently
secure?
Security is not only a question of correct protocols, but of good
implementation. Avoiding buffer overflows, using principles like
aperture minimization and least privilege, and a dozen other
techniques will help you make your system far more secure than it
would otherwise be.
-- 
Perry E. Metzger		perry@piermont.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com