On Thu, Dec 24, 1998 at 03:07:25PM -0400, Brian Steele [SPICEISLE] wrote:
> However, I do agree that the probability of a sufficient number of
> less-skilled persons finding a flaw increases with the amount of
> persons testing the implementation.
>
> That is why I question if it is any profit to Microsoft to release
> information about the implementation of security in their products "to
> the wild", when it's probably already been reviewed internally by
> their own experts.
That is true. With plenty pf people willing to buy Microsoft regardless
of security implementation, it probably profits Microsoft little. However,
we, the marketplace, can make informed decision about what products to
buy based on the relative strengths of their implementations (taking into
account architecture, vendor track record, etc).
Read the Halloween documents.. Microsoft realizes as long as there is no
basis of strong protocols in existance, as long as strong protocols are
not commoditized, their market stance is stronger. I would not view this
as benefitting the consumer.
The fact is, for the most part, and particularly in cryptography, "their
own experts" almost never translates to the "real experts". Review by
outsiders provides real benefits in these cases.
Mike
--
Michael P. Lyle
Security Architect
Exodus Communications, Inc.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
