3 Standards and Security Implications
Pages 29-38

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 29...
... 7696 guidelines from the Internet Engineering Task Force, and David McGrew drew on real-world experiences and data to highlight lessons learned and future directions.
RFC 7696: GUIDELINES FOR CRYPTOGRAPHIC ALGORITHM AGILITY AND SELECTING MANDATORY-TO-IMPLEMENT ALGORITHMS
Russ Housley, Vigil Security, LLC
Russ Housley, founder of Vigil Security, LLC, and past chair of the Internet Architecture Board (IAB)
From page 30...
... A weak key agreement paired with a strong cipher, for example, is still vulnerable to attack at its weakest point -- another downside to a piece-by 30 Forum on Cyber Resilience
From page 31...
... In this sense, opportunistic security makes pervasive, passive surveillance difficult because many users employing a weaker algorithm or shorter keys can force an entity trying to do covert surveillance to break all of those endpoints, which is a difficult and time-consuming task. In the discussion, Eric Grosse, Google, Inc., said that when most communication was clear text, he was in favor of opportunistic security.
From page 32...
... Offering an example from his past role as IETF Security Area Director, he recalled receiving a complaint from Russian financial institutions that there was no support for the GOST algorithms (an alternative to Data Encryption Standard) in the existing TLS protocol.
From page 33...
... Noting that this diverse international context creates modularization of security mechanisms, Swire asked whether these differences might be a "blessing in disguise." Housley categorized it as a double-edged sword: while modularity has its benefits, configuration around national algorithms makes it harder to maintain interoperability and creates a tough situation when flaws are found. Then, the question becomes how to change the configuration or implementation to eliminate the flawed module without losing interoperability.
[Pull quote: The mandatory-to-implement algorithm needs to be as strong as possible to give all users a ...]
From page 34...
... Principles Relevant to Cryptographic Agility McGrew began by highlighting what he sees as key principles related to cryptographic services, implementations, and agility. The first is that agility is essential for protecting against future threats and supporting backward compatibility.
From page 35...
... Protocol agility can be easy or difficult, but in McGrew's view, it is more important, in many ways, than algorithm agility. McGrew defined the final type, implementation agility, as the ability to update or replace software found to have a security flaw.
From page 36...
... Data on client key lengths also revealed that very few people were using optimum key sizes to maximize security, a finding that surprised McGrew. In addition, McGrew expressed serious concern about the large number of people using software and hardware that is no longer secure or supported by the manufacturer.
From page 37...
... McGrew hypothesized that a storage bounded model could work to keep stored data secure while it is decrypted away from a weak security system and reencrypted with stronger security. Russ Housley added that a working group known as Long-term Archive and Notary Standards was looking at this question in terms of the security of digital signatures, but he did not know whether it had considered confidential stored data.
From page 38...
... Emphasizing the importance of implementation agility, McGrew said that implementation agility can complement algorithm agility when interface designers anticipate future flaws, whether in the anti-replay, freshness checking, padding, or another aspect of cryptography. Whatever it is, it needs to be properly addressed and easily replaceable before such a flaw is detected, he said.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.