Gervase Markham wrote:
> Ian G wrote:
>> I'd say 40 bit is good enough for banking, and 128 bit
>> is good enough for banks :-)  As the TLS people have now
>> added a 256 bit protocol suite, they no doubt think that
>> only 256 should be used by banks...
>
> I think you may have missed my point, which was: a number is still a number, and the user has to attach meaning to it, and needs teaching to do so. I assert that this is undesirable.


Good point :)

And ... my point is that the difficulty of numbers that
you refer to is equally applicable to any other metric
we might come up with.  Literally, your "commerce v.
non-commerce" differentiation is equally fraught.

So we have a dilemma:  either give the user the facts,
and suffer that the users might not be able to work it
out,

OR,

give the user a subjective judgement, and run the
gauntlet of hiding the real situation from the users,
and getting the subjective judgement wrong.

In uncertainty, I generally suggest sticking to the
facts.

iang
--
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
Mozilla-security@mozilla.org
http://mail.mozilla.org/listinfo/mozilla-security