"Perry E. Metzger" wrote: ...
> Dumb cryptography kills people. What's your threat model? Or, that's your threat model? Applying the above threat model as written up in "The Codebreakers" to, for example, SSL and its original credit card nreeds would seem to be a mismatch. On the face of it, that is. Correct me if I'm wrong, but I don't recall anyone ever mentioning that anyone was ever killed over a sniffed credit card. And, I'm not sure it is wise to draw threat models from military and national security history and apply it to commercial and individual life. There are scenarios where people may get killed and there was crypto in the story. But they are far and few between [1]. And in general, those parties gradually find themselves taking the crypto seriously enough to match their own threat model to an appropriate security model. But, for the rest of us, that's not a good threat model, IMHO. > > Well, the opposition to "the guild" is one of pro-market > > people who get out there and build applications. > > I don't see any truth to that. You can build applications just as > easily using things like TLS -- and perhaps even more easily. The > "alternatives" aren't any simpler or easier, and are almost always > dangerous. OK, that's a statement. What is clear is that, regardless of the truth of the that statement, developers time and time again look at the crypto that is there and conclude that it is "too much." The issue is that the gulf is there, not whether it is a fair gulf. > There isn't a guild. BTW, just to clarify. The intent of my post was not to claim that there is a guild. Just to claim that there is an environment that is guild-like. > People just finally realize what is needed in > order to make critical -- and I do mean critical -- pieces of > infrastructure safe enough for use. I find this mysterious. When I send encrypted email to my girlfriend with saucy chat in there, is that what you mean by "critical" ? Or perhaps, when I send a credit card number that is limited to $50 losses, is verified directly by the merchant, and has a home delivery address, do you mean, that's "critical" ? Or, if I implement a VPN between my customers and suppliers, do you mean that this is "critical" ? I think not. For most purposes, I'm looking to reduce the statistical occurrences of breaches. I'll take elimination of breaches if it is free, but in the absence of a perfect world, for most comms needs, near enough is fine by me, and anyone that tells me that the crypto is 100% secure is more than likely selling snake oil. For those applications that *are* critical, surely the people best placed to understand and deal with that criticality are the people who run the application themselves? Surely it's their call as to whether they take their responsibilities fully, or not? iang [1] the human rights activities of http://www.cryptorights.org/ do in fact present a case where people can get killed, and their safety may depend to a lesser or greater extent on crypto. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]