-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Oct 2, 2013, at 12:26 PM, coderman <coder...@gmail.com> wrote: > On Wed, Oct 2, 2013 at 10:38 AM, Jared Hunter <feralch...@gmail.com> wrote: >> Aside from the curve change (and even there), this strikes me as a marketing >> message rather than an important technical choice. The message is "we react >> to a deeper class of threat than our users understand." > > > it is simpler than that. to signal integrity, and provide assurance, > it is common not just to avoid impropriety, but to avoid the > _appearance_ of impropriety. > > this change, while not materially affecting security (the weakest link > in SilentCircle was never the crypto) succeeds in conveying the > message of integrity as paramount. > > so yes, a marketing message, but a simple one. i have no problem with > this as long as they're not implying that AES or SHA-2 are broken in > some respect. Thank you very much for that assessment. I'm not implying at all that AES or SHA-2 are broken. If P-384 is broken, I believe the root cause is more that it's old than it was backdoored. But it doesn't matter what I think. This is a trust issue. A friend of mine offered this analogy -- what if it was leaked that the government replaced all of a vaccine with salt water because some nasty jihadis get vaccinated. This is serious and pretty horrifying. If you're a responsible doctor, and source your vaccines from the same place, even if you test them yourself you're stuck proving a negative and in a place where stating the negative can look like you're part of the conspiracy. I see this as a way out of the madness. Yes, it's "marketing" if by marketing you mean non-technical. By pushing this out, we're letting people who believe there's a problem have a reasonable alternative. If we, the crypto community, decide that the P-384+AES+SHA2 cipher suite is just fine, we can walk the decision back. It's just a software change. Let me also add that I wouldn't fault anyone for deciding differently. We, the crypto community, need to work together with security and respecting each other's decisions even if we make different decisions and do different things. I respect the alternate decision, to stay the course. Jon -----BEGIN PGP SIGNATURE----- Version: PGP Universal 3.2.0 (Build 1672) Charset: us-ascii wj8DBQFSTJzTsTedWZOD3gYRAtsxAJ9CPoZjv+shNwID/ip+9KOcWK/JrQCeKuNv rZmdU8syRIb+6KmX3xqEHt8= =W3/0 -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography