At 23:32 -0700 7/11/00, Tim May wrote:
>[Again, I urge folks to not use toad.com. It is being filtered by
>many of us, due to the hundreds of MakeMoneyFast and HelpMeMakeBombz
>and Spark.Net messages each day. I've changed toad.com over to
>algebra.com, one of the main nodes.]
>
Good point, I'll try to remember to do that in the future.
>At 1:31 AM -0400 7/12/00, dmolnar wrote:
>>On Tue, 11 Jul 2000, Kevin Elliott wrote:
>>
>>> least in the case of ZKS, I've never heard of Privada) are publicly
>>> known, and considered strong by most, if not all, cryptographers.
>>
>>The algorithms are publically known. the source isn't. although I
>>personally am less annoyed by that than some recent posts to the list.
>>Not sure if that's what the original poster meant or not, of course.
>
>This came up at the recent Cypherpunks physical meeting in Silicon
>Valley. >"Where's the source code...we're still w-a-i-t-i-n-g!" was
>the refrain. One >gets the idea that if ZKS doesn't fulfill its
>promise to release source code so >that its algorithms can be truly
>inspected properly, the last vestiges of >credibility will fade.
I've got mixed feelings about this argument. Yes, trusting the
source is important, and yes, the best way to do that is to be able
to look at the source and say "There are no backdoors because I
looked for them, and then compiled the source on my own". What this
got me thinking about is what one has to know to trust a cryptography
product. Seems to me there are 3 basic things that one has to trust-
1. The protocols and design.
2. The people running the show.
3. The implementation of item 1.
In all 3 cases you can establish trust in one of 2 ways- you can see
(or be shown) enough detail to "prove" it's trustworthy or trust the
person(s) doing the work of implementing. It seems to me that ZKS
has done an decent job on item 1, posting the details of the
architecture and responding to criticisms of that architecture. The
people responsible for creating ZKS certainly seem worth of our
trust, especially compared to their competition (Any one know who's
in charge of anonymizer.com?). As to the last, well, I am some what
disturbed that the source is not yet available, however, they seem to
have met my first to conditions and I'm willing to trust that
combining those to will yield a good implementation and so simply
wait quitely for the source to be released.
--
Kevin "The Cubbie" Elliott
<mailto:[EMAIL PROTECTED]> ICQ#23758827
_______________________________________________________________________________
"As nightfall does not come at once, neither does oppression. In both
instances, there is a twilight when everything remains seemingly
unchanged. And it is in such twilight that we all must be most aware
of change in the air--however slight--lest we become unwitting
victims of the darkness."
-- Justice William O. Douglas