On Thu, Jun 30, 2022 at 10:46:27PM +0100, Richard W.M. Jones wrote:
> Practically what would help is an easier way to reduce security for
> only specific sites + protocols. It's very easy right now to set the
> whole system to LEGACY, and much harder to set legacy for a specific
> site + protocol. (In fact I have no idea how to go about it for this
> particular case we're talking about.)
Cryptopolicy would work as a soft limit. Cryptolibraries would return
a distinct error, INSECURE, instead of UNKNOWN. Applications, on the INSECURE
error, would offer the user the option to override the cryptopolicy soft limit.
In the end, cryptolibraries many times keep implementing the weak algorithms
because the algorithms might be strong enough for a different purpose (like
a digest vs. an HMAC), or the cryptopolicy gives a different security level
to different purposes (creating vs. verifying a signature), or because the
user is not interested in the cryptographic guarantees at all; he only wants
to unwrap the wanted data (e.g. reading an ancient digitally-signed message).
For the first and the last case, cryptolibraries already provide a means for
applications to convey an intent for, or a use of, the algorithm. It's "only"
necessary to augment the API of the libraries to support the intent parameter
everywhere.
Now cryptopeople will argue that users will learn to click "connect anyway"
all the time. Well, there will be users like that. But not everybody is like
that. I'd rather use a device which I can control than be controlled by
the device.
-- Petr