Ian G
Tue, 06 May 2008 17:47:24 -0700
David Wagner wrote: ...
This struck me as poor design, not good design. Asking the user to make these kinds of choices seems like the kind of thing that only a cryptographer could consider sensible. In this day and age, software should not be asking users to choose ciphers. Rather, the software should just pick a sensible high-grade security level (e.g., AES-128, RSA-1024 or RSA-2048) and go with that, and avoid bothering the user. Why even offer "low" as an option? (And this "export" business sounds like a throwback to a decade ago; why is that still there?) Good crypto is cheap. Asking a user is expensive and risky.So I think there should be a broad design bias towards *implicit* correct behaviour in all system features, with rope available for advanced users to *explicitly* craft more complex use-cases. Once you have that, practical security is not too difficult.Amen. I know of quite a few software packages that could use more of that philosophy.
I think we are all coming around to the view that any choices are practically messy and dangerous, no matter how nice they look on paper.
The way I put it, there is only one mode, and it is secure. From there on, it only gets better. Obligatory rant:
http://iang.org/ssl/h3_there_is_only_one_mode_and_it_is_secure.html iang --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]