On 16/02/13 16:19 PM, Peter Gutmann wrote:
> I wrote:
>
>   Those are some pretty odd stats... Camellia is almost as popular as 3DES?
>
> To which Yaron Sheffer pointed me to:
>
> http://stackoverflow.com/questions/10378066/which-algorithm-is-stronger-for-tls-aes-256-or-camellia-256
>
> which says:
>
>   The reasoning is contained in the NSS library source code and is somewhat
>   convoluted, but it has nothing to do with security. It has to do with a
>   desire to support national vanity algorithms.
>
> I'm sure there's a fascinating story behind that one... why is a major
> browser's security library making choices about vanity suites?

If everyone else is into vanity, why exclude Developers :)

As it happens an awful lot that happens in the development of a major
project anywhere is controlled by the developers. The developers
interpret requests according to their own viewpoints, which sometimes
follow less transparent interests.

For NSS for example, all or most of the developers are paid for by major
sellers of PKI product. So they interpret work on the basis of what
their employer wants. Which presumably is to sell more PKI. This is
one major reason why browsers have in the past not been willing to let
in other security models - their jobs depend on feeding the PKI sales
machine.

What has been a bit perverse is that the concept of "open" and
"volunteer" was meant to guard against capture by one group, but it can
also work to stop something being captured by another group.

For my money, I'd suggest they use Camellia. *anything* to break the
mold that they have to do what other people tell them to do is good. It
really doesn't matter if it is a bad idea, stupid idea or atrocious
idea, any idea is good at this stage.

iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography