Don't design security protocols (Was: Gemini privacy
stephane at sources.org
Wed Mar 10 08:39:56 GMT 2021
On Tue, Mar 09, 2021 at 07:36:37PM +0100,
nothien at uber.space <nothien at uber.space> wrote
a message of 41 lines which said:
> I've been collecting ideas for a new transport security protocol. I
> know ~spc's stance on crypto ("get it approved by the crypto
> community, make an implementation, then we'll talk"), and I'm not
> saying we should switch to a magic protocol that doesn't exist; but
> that we should at least consider making a wishlist of sorts of all
> the things that we would want out of a "good" transport security
> protocol (if you have any such ideas, please share them with me).
There are two kinds of people who design security protocols: geniuses
(who don't need my advice) and people who overstimate their abilities.
Seriously, designing a secure transport protocol is *hard*. I repeat,
HARD. There are are many traps. One of the most important is that
failures are not obvious. If you create a program to display images,
anyone, even not an expert, can see if the program works or not. If
you create a security protocol, even experts may not be able to tell
immediately that there is a vulnerability.
And I don't even mention implementation, which adds its own risks.
More information about the Gemini