Lessons

Designing security protocols is hard!
  Even when you use the right cryptography
The simple advice is "Don't do it."
Reuse old designs where possible
  At least look at them, and learn from their mistakes or design
  PPTP had some of the same problems as WEP
  IPSec had to deal with many of the same issues
Make the design process public and inviting
  Explicitly find experts to look at it
  The CRC-is-linear problem, for example, would have been spotted right away