On Jun 29, 2007, at 10:44 AM, Steven M. Bellovin wrote:
It's very valid to criticize today's products, and it's almost
obligatory to criticize over-hyped marketing. As I said, I don't
think
today's products are useful anywhere, and the comparisons vendors draw
to conventional cryptography are at best misleading. But let's not
throw the baby out with the bathwater.
The problem I have with QC is that, as others have amply pointed out,
there is a lot of bathwater but not much of a baby to speak of. If
someone created a protocol that does a DH exchange at the beginning
and then throws away the secret and performs the rest of the
communication in plaintext, we'd hardly call the resulting system a
"cryptographic protocol". Really, we'd be hesitant to use any form of
the word cryptography in the description.
"QC", however, does something exactly analogous: it performs a
quantum key exchange and then falls back on classical primitives.
It's at best confusing, fallacious and disingenuous to refer to such
setups as quantum cryptography, though I understand "classical
encryption with quantum key exchange" has less of a marketable ring
to it.
So, by all means, let the QKD and related research continue. It's
interesting, it's cool, it's *important* work. But when the folks
behind it are talking to those of us who understand and work with
cryptography every day, they need to do a much better job at not
letting their own imprecise and almost deceitful terminology paint
themselves in a corner and trigger our snakeoil detectors. I deeply
support Jon's proposal of renaming the whole thing "quantum secrecy",
in which case I'd get off my snark horse and show more respect for
the whole thing.
--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]