[PP-main] Technical/implementation matters

Joakim Ziegler joakim at simplemente.net
Mon Mar 6 00:41:59 CET 2000


On Sun, Mar 05, 2000 at 11:07:21PM +0000, Andrew Cooke wrote:
> At 04:11 PM 3/5/00 -0600, you wrote:
>>Of course, there will be documentation in the near future. Harping on about
>>the relative merits of cryptosystems when you're not a cryptographer seems
>>slightly useless, though. HTTP has crypto. Flux has crypto. Why not look at
>>the differences instead?
 
> I have not been abusive in this thread, but I am getting tired of your
> sniping.  I am not a cryptographer, and I do not claim to be.  But I have
> had experience of working with secure protocols.  What I was asking was a
> basic question that should have been simple to answer.  

They are simple to answer, and I believe we have. In particular, the message
from Hans Petter should adequately answer any direct question you might have
about how the protocol works. If not, please reply to that mail with more
questions.


> If you don't want to discuss this, then fine.  It is your project, not
> mine.  You are apparently convinced that it is good enough and anyone who
> thinks otherwise has to prove it.  That is a strange way to approach
> security - I had always thought that it was the responsibility of the
> implementer to document and prove security.

I've repeatedly tried to correct some of the misconceptions I believe you had
about how cryptography works. I'm sorry if that came across as arrogant.

I believed the following to be adequate documentation of security on a
conceptual level (below which is the code level, but that requires more
careful examination of the source and implementation):

1) Flux uses well-known and proven encryption schemes, some of them stronger
   than what's commonly used in for instance SSL. Namely, El Gamal for
   asymmetric crypto, and Twofish for symmetric. These have the additional
   advantages that they are patent-free.
2) The system used for exchanging keys and verifying host identity, foiling
   man in the middle attacks, etc. is the same as is used by SSH, that is,
   keeping a record of the host identity signature the first time you
   connect, and detecting changes in the signature.
3) The actual implementations we use are taken from GPG, a well-documented
   and publicly scrutinized implementation. The main changes we've made to
   that is to turn it into a library.

In addition, refer to Hans Petter's lengthy mail about how the key exchange
works.

Now, if there are other doubts, questions, etc., I ask you to bring them to
the table. Don't leave the list or act insulted over a technical discussion.
It's technical, there are facts, not opinions.

With that stated, I'll repeat my original concern: That arguing over the
cryptographic system and implementation is of much less interest than a lot
of other issues, technical and otherwise.

-- 
Joakim Ziegler - simplemente r&d director - joakim at simplemente.net
 FIX sysop - free software coder - FIDEL & Conglomerate developer
      http://www.avmaria.com/ - http://www.simplemente.net/
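
Added example, not part of the original message and not Flux or SSH code: a minimal sketch of the "record the host identity on first connect, detect changes later" scheme described in point 2. The JSON store, the SHA-256 fingerprint, the class and function names, and the host name and key bytes are all assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile

class HostKeyChanged(Exception):
    """Presented key differs from the one recorded on first contact."""

def fingerprint(public_key: bytes) -> str:
    # Assumption: the host identity is pinned as SHA-256 of the raw public key.
    return hashlib.sha256(public_key).hexdigest()

class KnownHosts:
    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host: str, public_key: bytes) -> str:
        seen = fingerprint(public_key)
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so it is trusted unverified.
            self.pins[host] = seen
            self._save()
            return "pinned-first-use"
        if hmac.compare_digest(pinned, seen):
            return "match"
        # Never overwrite the pin automatically; a change is either a rekey
        # or a man in the middle, and only an operator can tell which.
        raise HostKeyChanged(f"{host}: expected {pinned[:16]}, got {seen[:16]}")

    def _save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate pins

def demo():
    # Constructed host name and key bytes, for illustration only.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "known_hosts.json")
        results = [KnownHosts(path).check("flux.example", b"constructed-key-A")]
        results.append(KnownHosts(path).check("flux.example", b"constructed-key-A"))
        try:
            KnownHosts(path).check("flux.example", b"constructed-key-B")
        except HostKeyChanged:
            results.append("changed-rejected")
        results.append(KnownHosts(path).check("flux.example", b"constructed-key-A"))
        return results
```

The last check in `demo()` confirms that a rejected key does not replace the stored pin, so the original host is still accepted afterwards.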




