The article argues that cryptographic registries, which enumerate algorithm options for protocols like TLS and SSH, promote harmful 'cryptographic agility' and increase vulnerability risks through runtime negotiation. Instead, the author recommends designing protocols with fixed, versioned cryptographic primitives to reduce complexity and attack surfaces. This critique challenges common practices in standards like IETF/IANA registries and advocates for simpler, more secure protocol design.
Background
Cryptographic registries are standardized lists of algorithms (e.g., by IANA) used in protocols like TLS and SSH to enable negotiation between different cryptographic options. This approach, known as 'cryptographic agility,' has been criticized for introducing complexity and vulnerabilities.
- Source
- Lobsters
- Published
- Apr 27, 2026 at 10:50 AM
- Score
- 7.0 / 10