
Cryptographic Agility (2016) - erwan
https://www.imperialviolet.org/2016/05/16/agility.html
======
erwan
>There's a lesson in all this: have one joint and keep it well oiled.

>Protocol designers underestimate how badly people will implement their
designs. Writing down how you think it should work and hoping that it'll work
doesn't work. TLS's protocol negotiation is trivial and the specification is
clear, yet it still didn't work in practice because it's difficult to oil.

>Rather one needs to minimise complexity, concentrate all extensibility in a
single place and actively defend it. An active defense can take many forms:
fuzzing the extensibility system in test suites and compliance testing is
good. You might want to define and implement dummy extensions once a year or
such, and retire old ones on a similar schedule. When extensions contain lists
of values, define a range of values that clients insert at random. In short,
be creative; otherwise you'll find that bug rust will quickly settle in.
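The "random values in lists" defence from the quoted passage, modelled as an added Python example (not code from the article or from any TLS implementation): a toy cipher-suite negotiation in which the client splices a reserved placeholder code into its offered list, so a server that rejects unknown codes fails in testing rather than years later when a real new suite ships. The suite code points are constructed for the example; the 0xXAXA placeholder pattern is the one TLS later standardised as GREASE (RFC 8701).

```python
import random

# Constructed code points for a toy protocol's cipher suites (not real TLS values).
SUITES = {0x0001: "toy_aead_a", 0x0002: "toy_aead_b", 0x0003: "toy_aead_c"}

# Reserved placeholders that no real suite will ever be assigned. The 0xXAXA
# pattern is the one TLS later standardised as GREASE (RFC 8701).
GREASE = [(x << 12) | 0x0A00 | (x << 4) | 0x0A for x in range(16)]


def grease_hello(preferred, rng=None):
    """Client: copy the real preference list and splice one random reserved
    value in at a random position; the order of real suites is unchanged."""
    rng = random.Random() if rng is None else rng
    offered = list(preferred)
    offered.insert(rng.randrange(len(offered) + 1), rng.choice(GREASE))
    return offered


def robust_select(offered, supported):
    """Correct server: skip codes it does not recognise and pick the client's
    first supported suite. None means no overlap, an honest failure."""
    return next((c for c in offered if c in supported), None)


def brittle_select(offered, supported):
    """Buggy server: its parser rejects the whole hello if any code is
    unknown, so it breaks the day a client advertises anything new."""
    unknown = [c for c in offered if c not in SUITES]
    if unknown:
        raise ValueError(f"unknown cipher suite 0x{unknown[0]:04x}")
    return robust_select(offered, supported)


def trial(select, preferred, supported, grease=True, runs=200, seed=1):
    """Drive one server implementation with many hellos and count
    (successes, failures). With grease=False the hellos are plain."""
    rng = random.Random(seed)
    ok = failed = 0
    for _ in range(runs):
        hello = grease_hello(preferred, rng) if grease else list(preferred)
        try:
            chosen = select(hello, supported)
        except ValueError:
            chosen = None
        if chosen is None:
            failed += 1
        else:
            ok += 1
    return ok, failed
```

Without greasing, `trial(brittle_select, ...)` passes every run, which is exactly why the bug survives until someone extends the list for real; with greasing it fails on the first test cycle.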

