GUADEC: Danny O'Brien on privacy, encryption, and the desktop
Posted Aug 4, 2010 20:30 UTC (Wed) by farnz
In reply to: GUADEC: Danny O'Brien on privacy, encryption, and the desktop
Parent article: GUADEC: Danny O'Brien on privacy, encryption, and the desktop
On the other hand, the vast majority of protocol and application designers just don't care. "Boiling the oceans" by making IPSec work everywhere isn't easy - but it's a one-off big cost. Trying to round off every grain of sand by getting both protocol developers (who don't always see why it's important) and application developers (who often see it as extra work for no gain) to handle encryption in the protocol is similarly hard - but it's a lot of small costs, and we keep paying them day-in, day-out as we try to fix everything.
Further, the nature of IPSec is that it gets implemented once per OS, and then it's not an issue for any application that uses that OS - indeed, I can blithely write encryption-unaware code using the old BSD sockets API like I've always done, and benefit. If I have to get encryption right, not only is that extra effort that I'm going to fight back against (naturally - like most programmers, I'm lazy), but it also opens up lots of ways for me to get it wrong, whether we're talking design flaws like WEP's flaws, or implementation failures like the Debian OpenSSL flaw, which rendered keys effectively 16 bits long.
At least with IPSec, people with more clue than I'll ever have have checked the design for mistakes, and another group of very clueful people will implement it, and fix the flaws found in the wild. And note that I'm not wedded to IPSec; if there was (say) a library that I could just link against and get all the nice security properties IPSec offers, that'd do just as well.