On Sun, May 14, 2006 at 07:56:17PM -0500, Travis H. wrote: > On 5/14/06, Victor Duchovni <[EMAIL PROTECTED]> wrote: > >Security is fragile. Deviating from well understood primitives may be > >good research, but is not good engineering. Especially fragile are: > > Point taken. This is not for a production system, it's a research thing. > > >TLS (available via OpenSSL) provides integrity and authentication, any > >reason to re-invent the wheel? It took multiple iterations of design > >improvements to get TLS right, even though it was designed by experts. > > IIUC, protocol design _should_ be easy
Once upon a time, everyone agreed that cipher design was hard. Later people discovered that protocol design is hard too. More recently people are discovering that given solid ciphers and protocols, secure implementations are still hard... I could be wrong, but it does not seem that the trend is towards "increasingly easy" security, in the sense that anyone who learns a programming language reasonably well can develop security toolkits. :-( -- /"\ ASCII RIBBON NOTICE: If received in error, \ / CAMPAIGN Victor Duchovni please destroy and notify X AGAINST IT Security, sender. Sender does not waive / \ HTML MAIL Morgan Stanley confidentiality or privilege, and use is prohibited. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]