

Utu: Zed Shaw's replacement for http - nickb
http://savingtheinternetwithhate.com/design.html

======
aggieben
But, see, people _like_ not having strong identities on the internet, and
where it matters, reputation and identity get built up organically already
(i.e., I don't need Utu to know who the idiots are in my favorite IRC
channels).

------
KirinDave
Because of Utu's resounding success as a replacement for IRC, it now does
HTTP! Oh wait...

------
sigstoat
Listing what ciphers and hash functions you're using for a project has got to
be on the top 10 list of signs that you don't understand security.

~~~
tptacek
As a practitioner, I'm going to chime in and agree completely.

Shaw has created a merit badge sash of crypto exotica: Needham-Schroeder key
exchange (oh, sorry, "ISO IEC 48798783 without the Helsinki vulnerability"), a
bizarro block cipher mode, a custom PRNG, and no explanation whatsoever of the
motivation behind his choices. Of course, this is all just libtomcrypt under
the hood, which probably explains the showy idiosyncrasy.

You'd be able to take something like this more seriously if Zed "So Fucking
Awesome" Shaw had ever contributed any findings against TLS, or even SSH. But
that would be Hard, Harder than "fighting the cargo cults" --- people much
more demonstrably competent than Shaw have already shaken the bugs out of TLS.

Generally, I find Shaw's arguments and reasoning about security unconvincing.
For instance, there's a place in that article where he argues that "binary
protocols have fewer buffer overflows" --- he might as well just write "I
don't pay attention to vulnerability research". He seems to believe that
Ragel, an obscure regex-modeled lexer, is a talisman against vulnerabilities.
His "Hate" protocol assumes that attackers originate from single sources, not
from armadas of compromised machines.

Sigstoat isn't the first person to comment on this "top 10 list of signs of
bad security" --- this is a point Schneier makes, often.

~~~
pius
Being cryptic is bad -- in "secure code" and just about everywhere else.
Unfortunately, that's not the point the commenter made at all.

As to your praise of the notion that the author of an open, civilian protocol
is making his protocol less secure by revealing what hash functions he's
using, well, I'm just going to say that I'm a practitioner too and I've never
heard of openness about the algorithms involved as a sign of bad security.
Indeed, I've never heard Schneier _once_ make that point, much less hear him
make it often and I read Cryptogram almost every month. Sorry, but I'm calling
bull on that one.

The only folks who get a pass on not revealing their algorithms are NSA
cryptographers who create Type 1 National Security systems and that's only
because they have a large, knowledgeable community of cryptographers within
the organization that does their peer review, thus obviating the need for
vetting their protocols with the greater academic community.

~~~
tptacek
You just spent 3 grafs kicking a straw man, which you'd know if you'd read the
article. This is a discussion about an article. The source code for the
software the article is about was published in 2005. Nobody argued that he
should have kept his algorithms secret; they argued that bragging about them
in an article didn't make him look more competent.

Also, you already said you _weren't_ a practitioner; which is it? Your use of
the term "Type 1 National Security systems" allows me an educated guess, but
you could clear it up.

~~~
pius
Let's see, I replied to someone's comment with a valid criticism. I just read
the entirety of Zed's piece and, lo and behold, my argument against the
comment still stands. (Whether or not Zed's protocol still stands is an open
question.) Meanwhile, you've been attacking a strawman the whole time.

Now you're trying to personally attack me. I'm not sure what your problem is
or what you're trying to prove, but I am a practitioner.

See here:

[http://csrc.nist.gov/publications/nistpubs/800-85B/SP800-85b...](http://csrc.nist.gov/publications/nistpubs/800-85B/SP800-85b-072406-final.pdf)
[PDF]

or here:

[http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.p...](http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf)
[PDF]

or here:

[http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-...](http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-chng1.pdf)
[PDF]

(You won't find my name in that last document, as authors and supporting
researchers are not listed on FIPS.)

I'm not going to ask about your credentials because, frankly, they don't
interest me. You've jumped the shark and I'm done responding after this. Don't
make this thing personal; you've got a problem with my comment, do us all a
favor and keep it there. You trying to start a pissing match with me is boring
for everyone and ultimately wastes both of our time. Chill.

~~~
tptacek
You're right. I'm infinitely more irritated at the mentality conveyed by
Shaw's document, that "security" is a combination of using the most "advanced"
crypto constructions and using parsing tools to avoid superficial overflows,
than I am at you for arguing with people about a post you didn't bother to
read.

For that, I apologize.

~~~
pius
All good, man.

