Wikipedia:Articles for deletion/Woo Lam 92 (protocol)

The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.

The result was keep. General consensus leans towards keep and nominator wishes to withdraw the deletion nomination. Deryck C. 19:14, 25 May 2011 (UTC)[reply]

Woo Lam 92 (protocol)[edit]

Woo Lam 92 (protocol) (edit | talk | history | protect | delete | links | watch | logs | views) – (View log)

(Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL)

(Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL)

It is an insecure, inefficient, and flawed-by-design cryptographic protocol whose only notability is its insecurity. (Plus, even the description of the protocol on this page is erroneous.) Nageh (talk) 16:04, 9 May 2011 (UTC) Afterthought: I think I need to retract my AfD vote. The issue I was trying to bring up was that there are tons of flawed authentication protocol designs, and IMO most of them are hardly notable. Protocols like Needham-Schroeder and Otway-Rees are way more notable, were used in practice, provide the basis for many other similar protocols, but do have design flaws as well, just as earlier versions of Kerberos. On the other hand, we do have articles on protocols that are equally non-notable as Woo-Lam, and are present simply because Bruce Schneier chose to cover them in his Applied Cryptography book. Sigh, even Woo-Lam is covered in his book, so I guess I'm at loss. :/ Nageh (talk) 10:03, 10 May 2011 (UTC)[reply]

• Comment if it is notable for its insecurity, then it's notable. The others are not arguments for deletion. Sergeant Cribb (talk) 17:10, 9 May 2011 (UTC)[reply]

Right, I tend to forget that there is no WP:COMMONSENSE on Wikipedia. How about this: The protocol is not used at all in practice, never was, is not mentioned in as good as all established reference books on the subject (entity authentication/identification protocols), and just is not notable at all. What I was trying to say was that its insecurity is its most notable (but IMO still not notable enough) aspect. (PS: Don't take my rant too personal.) Nageh (talk) 20:23, 9 May 2011 (UTC)[reply]

Not at all. Sergeant Cribb (talk) 20:35, 9 May 2011 (UTC)[reply]

• Delete. As stated by Sergeant Cribb, if this protocol's lack of safety is the reason for its notability, then it does meet our notability guidelines. However, a Google search yields no reference about it that can be used to demonstrate notability, regardless of whether it's notable for the wrong reasons. -- Blanchardb -^{Me•MyEars•MyMouth}- timed 18:58, 9 May 2011 (UTC)[reply]
• Keep I wrote this page, because woo Lam protocol is shown in university as a basic model for mutual authentication using a KDC. and i noticed with a short search that there is close to nothing explaining the protocol. part of the only locations where it is mentioned are in academic web sites where this is being brought as a simple example, woo lam is usually used as a stater subject before explaining Kerberos to students. i agree that it might not be efficient or secure as others out there, but for the same reason they still hold on to it in the academia, i think it should stay. would be glad to get comments regarding any errors i might have done. i haven't had time to finish it (i just opened it a few hours ago - you guys are quick) but i'll be glad to fix it up more if it wont be deleted. (mike) 10:00, 9 May 2011 (UTC)[reply]
  • That the protocol can or can't be used in real life for whatever reason will be of no concern in this discussion. If we can find evidence that it is indeed shown in university textbooks (and I mean more than just the teacher's handouts), that might be just what it takes to make it meet our notability guidelines. -- Blanchardb -^{Me•MyEars•MyMouth}- timed 22:43, 9 May 2011 (UTC)[reply]
• KEEP:(duplicate vote) I have found several notable places (thanks to Prof' gudes) discussing the woo lam protocol
  1) Cryptography and Network Security. (p 387) by William Stallings
  2)Woo, T., and Lam, S."'Authentication' Revisited." Computer, April 1992.
  ACM Digital library ^[1] Volume 25 Issue 3, March 1992
  3) Woo, T., and Lam, S."Authentication for Distributed Systems."Computer, January 1992.
  Mike2learn (talk) 22:40, 15 May 2011 (UTC)[reply]

Note: This debate has been included in the list of Computing-related deletion discussions. — • Gene93k (talk) 16:49, 11 May 2011 (UTC)[reply]

Relisted to generate a more thorough discussion so a clearer consensus may be reached.
Please add new comments below this notice. Thanks,  Sandstein  05:27, 18 May 2011 (UTC)[reply]

• Delete. Stallings uses the two Woo-Lam protocols/papers to show that "protocols that appeared secure were revised after additional analysis. These examples highlight the difficulty of getting things right in the area of authentication." Meh, no real importance, just an example. Tijfo098 (talk) 08:45, 18 May 2011 (UTC)[reply]
• Unlike Needham's "Authentication revisited" paper, which has 200+ citations in GS, Woo & Lam's paper with the same title has only 11. Tijfo098 (talk) 08:48, 18 May 2011 (UTC)[reply]
  • I think importance is in the context you place it in. It is notable, as it is used in the academia (As shown in the references above) and is a good example of the evolution of authentication protocols. regarding the quote " These examples highlight..." from stallings book , he also says "SHA and Whirlpool are examples of these two approaches" (pg 353) being an example does not take away notability or importance. Stalling shows full description of both 92a and 92b protocol with detailed description. Mike2learn (talk) 20:04, 19 May 2011 (UTC)[reply]
• Weak keep. The article needs more work to pass NPOV, even for the latter protocol [1] [2], however GNG seems satisfied. It would probably be easier for the reader if all the more obscure symmetric key authentication protocols were on one page, like in that book, but Wikipedia is seldom targeted at satisfying the reader, because of who writes it. Tijfo098 (talk) 01:55, 21 May 2011 (UTC)[reply]
• Conditional keep If indeed covered in Schneier's Applied Cryptography (I haven't checked) that would be enough to establish independent notability. —Ruud 11:46, 22 May 2011 (UTC)[reply]
  • It's covered in 3+ textbooks: Schneier, Stallings, and the authentication one linked by me above. It's also covered in a couple more where only the clearly flawed protocol is given [3] [4]. It's the low citation count for the "corrected" protocol(s) that makes this a questionable topic by itself; I put corrected in quotes because it still relies on the sender being able to detect replays of its own messages. [5] Tijfo098 (talk) 12:16, 22 May 2011 (UTC)[reply]

• Suggestion and comment. The references provided by Tijfo098 describe quite a different protocol than the ones described in the article. In particular, the former are symmetric-key protocols while the latter rely on public-key cryptography. This is curious insofar as we are now at four different protocols described as Woo-Lam authentication protocols by different sources. All of them are border-case in notability, IMHO. As sort of a compromise I suggest the following:
  • The article is renamed Woo–Lam (protocol) and describes both the two symmetric-key variants (the broken one and the less broken one) and the two public-key protocols (again the totally broken one and the less broken one).
  • It does away with naming the protocol Woo-Lam 92 because that is original research, and in fact only the reference was entitled [Woo-Lam 92] in Stalling's book.
  • Mike2learn, would you please correct the protocol description so it does not state rubbish like "public-key encryption with a private key" (what?) or "signing with the public key" (what the...?). In particular, there is no need to indicate which of public or private key is to be used for public-key encryption or signing, respectively. You may also add some notes about the insecurity of the protocol and that it serves as an example in this regard. Finally, note that neither the authors' homepages nor their original research papers are suitable secondary sources to establish notability. While you may cite the papers you should reference Stalling's book as a reliable secondary source on the protocol in the article.

Cheers, Nageh (talk) 21:50, 24 May 2011 (UTC)[reply]

The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.