> Pease help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforseen vulnerability. This is, IMO, as likely as that it will protect
against some unforseen vulnerability -- the alleged reason for the scheme.
Hehe, I was trying really hard to put this issue into some tangible
numbers :)
There is always security risk related to the design, to the implementation,
to the administration, etc. From all the books/sources I've learned
crypto and security (including topics on information system auditing
and assurance, information security risk assessment), I couldn't find
any systematic methodology to estimate this. Everyone is talking
about it in bulleted items, kinda subjective.
This seems to come only with experience, and learn the hard
way after screwing up a couple of times, or something.
I don't know, I'm working on estimating the potential consequences
of a security breach. But this is way beyond my
knowledge/experience/expertise.
And this is really on a case by case basis, no book can teach
me that, I guess.
thanks
_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
