![]() How do you balance your proposal for crypto agility with the risks of in-band protocol negotiation? At the opening of the Q&A session, I asked the following question: Vikram’s talk wasn’t clear about these nuances. Therefore, anyone who speaks in favor of crypto agility should be very careful about what, precisely, they’re advocating for. When you maximize “crypto agility”, you introduce dangerous levels of in-band protocol negotiation.Ĭrypto Agility tends to become a security problem: When an attacker can entirely decide how the target system behaves, they can often bypass your security controls entirely. HS256), then use the public key (or a hash of the public key) as a symmetric key, and the verifier would just blindly accept it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |