Cryptography-Digest Digest #780, Volume #12 Tue, 26 Sep 00 17:13:00 EDT
Contents:
Re: On block encrpytion processing with intermediate permutations (Tom St Denis)
Re: continuous functions and differential cryptanalysis (Tom St Denis)
Re: continuous functions and differential cryptanalysis (Dido Sevilla)
test values for HMAC-Tiger (Dido Sevilla)
Re: differnetials... (Doug Kuhlman)
Re: continuous functions and differential cryptanalysis (Mok-Kong Shen)
Re: On block encrpytion processing with intermediate permutations (Mok-Kong Shen)
Re: Software patents are evil. ("Paul Pires")
----------------------------------------------------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: On block encrpytion processing with intermediate permutations
Date: Tue, 26 Sep 2000 18:05:28 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> Let's first agree that we are arguing about what I call
> the full version of my scheme. You compute the differences.
> but do you know which differences correspond to which
> word/block of the original plaintext? Note that, due to
> the word (or groups of words) permutation, everything
> has got mixed up in a way that the opponent can't find
> out. Please kindly re-read my original post and forget
> for the time being the last two paragraph and do a
> sketch with pencil of how you would go about with your
> differential analysis with, say, DES as block encryption
> algorithm and a message of 20 blocks. I think that my
> idea would then be clear to you. Note in particular that
> you have no knowledge of the permutations that are being
> done. There could be poor permutations. Let's assume
> that 2 are poor but 14 are good.
That's just it, you can't have 2 good perms and 14 bad ones. it's the
composition of them all... so either the entire perm is balanced (each
word combines into DES with equally once...) or they don't. Realize
that in 16 rounds of this protocal you need 17 blocks to get equal
mixing (I think)... otherwise the mixing cannot be balanced...
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Tom St Denis <[EMAIL PROTECTED]>
Subject: Re: continuous functions and differential cryptanalysis
Date: Tue, 26 Sep 2000 18:42:31 GMT
In article <[EMAIL PROTECTED]>,
Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
>
>
> Mika R S Kojo wrote:
> >
> > Derivative is well-defined for any field, but its usually called
> > "formal derivative". It is even possible to talk about continuous
> > functions, but for for this you need p-adic numbers.
>
> Dumb question: Are p-adic numbers inside the theory of
> GF or else at least compatible with it? If yes, could
> you please provide references? Thanks.
I can top that, what are p-adic numbers?
Tom
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: Re: continuous functions and differential cryptanalysis
Date: Wed, 27 Sep 2000 03:23:52 +0800
Paul Rubin wrote:
>
> Tom St Denis <[EMAIL PROTECTED]> writes:
>
> > Woohoo I used calc for something.
> >
> > Theorem. No continuous [finite] function can ever have a minimum
> > Probability associated with a differential (over all possible
> > differentials).
> >
> > Lemma. Examine the derivative of function 1/x in GF(2)^n, given as -
>
> Um, what's wrong with this sentence? Hint: do you know what a
> derivative is?
Has he properly defined a derivative in GF(2^n)? To define a
derivative, we have to begin with a definition of a metric in GF(2^n),
then work our way to a definition of a limit, then the definition of a
derivative. Let's say we do come up with a valid metric, coming up with
a metric function d(x, y) for x and y in GF(2^n) that satisfies all the
metric axioms (I suppose it would be possible). Now we try to define a
limit for infinite sequences in GF(2^n). Say we have
lim z_n = l
n->inf
this means that l element of GF(2^n) exists such that for *every*
positive real number epsilon, no matter how small, an integer n_0 can be
found such that d(z_n, l) < epsilon, for all values of n greater than
n_0. Now, clearly, the metric cannot be expected to produce *all* real
values of epsilon, seeing as the metric is only defined for the 2^n
elements in GF(2^n), and so the range of the metric function has only
2^2n elements. Now, obviously there's no way we can generate a
one-to-one mapping for a finite set onto an uncountably infinite set
like the real numbers, so we can't define a limit in GF(2^n), or in any
finite field for that matter, so a derivative, at least as defined by
modern analysis, can't be constructed either. If you can't come up with
a proper definition at the beginning, then natch, your whole argument
must be worthless too. But hey, a proper definition for a derivative in
finite fields *may* exist that doesn't use the notions of metrics or
limits, but if so, I haven't heard of it. Maybe there's even a whole
field of math called discrete analysis built around it. I'm not a
mathematics major, I wouldn't know...
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
------------------------------
From: Dido Sevilla <[EMAIL PROTECTED]>
Subject: test values for HMAC-Tiger
Date: Wed, 27 Sep 2000 03:28:08 +0800
I've written an implementation of Tiger that seems to be sane (it
produces the same hash values for all the test inputs anyhow!) and now
have a program that does HMAC-TIGER in the same way everyone else does
HMAC-MD5 and HMAC-SHA1, as described in RFC 2104. Does anyone have any
test values for HMAC-Tiger which I can compare with my implementation?
--
Rafael R. Sevilla <[EMAIL PROTECTED]> +63 (2) 4342217
ICSM-F Development Team, UP Diliman +63 (917) 4458925
OpenPGP Key ID: 0x0E8CE481
------------------------------
From: Doug Kuhlman <[EMAIL PROTECTED]>
Subject: Re: differnetials...
Date: Tue, 26 Sep 2000 14:19:57 -0500
Mike Rosing wrote:
>
> Tom St Denis wrote:
> > Arrg... calculus is all new to me... please help!
>
> You're mixing finite fields and continuous analytic numbers.
> As my kids would say "that does not include". The idea behind
> calculus is that you can "infinitly" divide things down very
> smoothly. The idea behind finite fields is that every element
> is distinct. A better way to combine these is thru p-adic
> numbers. I'd suggest you keep finite field ideas completely
> separate from calculus ideas, at least for a few months :-)
>
> Follow the proof carefully for why d/dx ( 1/x) = 1/x^2. You
> use limits. Can't do that with a finite field!!
>
Don't mean to nitpick, but if Tom's learning calculus, he should at
least see the correct answer that...d/dx(1/x) = - 1/x^2.
Also, Tom, in GF(2^8), -1/x^2 *is* a bijection, if you make a little
proviso that 0 goes to 0.... This follows from the fact that squaring
is an isomorphism of a field of characteristic two (Frobenius).
Doug
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: continuous functions and differential cryptanalysis
Date: Tue, 26 Sep 2000 22:32:25 +0200
Tom St Denis wrote:
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Mika R S Kojo wrote:
> > >
> > > Derivative is well-defined for any field, but its usually called
> > > "formal derivative". It is even possible to talk about continuous
> > > functions, but for for this you need p-adic numbers.
> >
> > Dumb question: Are p-adic numbers inside the theory of
> > GF or else at least compatible with it? If yes, could
> > you please provide references? Thanks.
>
> I can top that, what are p-adic numbers?
I only know that p-adic numbers belong to the topic of
algebraic number fields. Once I found in the library
a book dealing quite a lot with that but the stuff was
apparently too advanced for my knowledge level, so that
I didn't attempt to look into it.
M. K. Shen
P.S. How did it occur that your post was repeated 4 times?
------------------------------
From: Mok-Kong Shen <[EMAIL PROTECTED]>
Subject: Re: On block encrpytion processing with intermediate permutations
Date: Tue, 26 Sep 2000 22:32:30 +0200
Tom St Denis wrote:
>
> Mok-Kong Shen <[EMAIL PROTECTED]> wrote:
> > Let me say that my main proposal is for blocks of at
> > least two words and a message containing quite a number
> > of blocks. Therefore I permute the words, because these
> > are more efficient than permuting the bytes. Then, as
> > an after thought, I wanted to indicate that the same idea
> > could in principle (though not so good) be applied to
> > a single block (which would allow for easy hardware
> > implementation). Now, for a block of two words, there
> > is no sense of doing permutation of words. Hence, one
> > has to scale-down, using permutation of bytes (there
> > aren't many unfortunately for a block of two words).
> > So for the scaled-down version, the situation is
> > less favourable from the start. Now it is known or can
> > be assumed that a well-designed cipher like DES is
> > optimized by its author. So if I do some tweaking, as
> > is the case with the scaled-down version, the result
> > has apparently a fair chance of being poorer. That's
> > why I commented on the scaled-down version in the
> > previous post (quoted above). I don't clearly see what
> > your argument goes beyond what I said about it. (You
> > were commenting on the scaled-down version, right?)
> > Please note that it is the full version with permutation
> > of the words (or even half-blocks or blocks, with larger
> > block sizes, etc.) and sufficiently long messages that
> > is the main concern of my original post and I have said
> > about that also in what is quoted above. To more directly
> > answer your question above, I used the DES above to argue
> > for the full version. In the full version, since the
> > example is for DES, the block size is even smaller
> > than your 128 bits. But you were considering solely
> > a permutation 'within' that block, which corresponds to
> > the scaled-down version, not the full version. And
> > for the scaled-down version I have already said that
> > my scheme 'might indeed be poor'. Do you have now any
> > essential points to say concerning the topic here?
>
> Again what is the difference fundamentaly from a "byte" or "block". If
> you have 16 blocks or bytes the idea is just the same. Of course I
> picked 16 out of the blue, but I find things easier to think of in
> terms of their fundemental parts, i.e sbox, linear function, etc...
Let me clearly say that the fundamental idea underlying my
proposal is permutation that covers the entire message.
Whether the unit is byte, word, group of words, block
(block length of the cipher) or even record is
'fundamentally' not essential, provided that there are
enough of the units in the message to render a permutation
of these to have a non-trivail sense. But transport of
words has a native computer instruction and word is
neither too big nor too small an entity. Hence I, for
simplification of my presentation, only employed word
as unit. But note that permutation is for all words
of the message, not limited to a block. If I didn't
mention the scaled-down version, then all the debates
up till now would have been shortened, I believe. But
if you want to consider byte as unit, then the full
version requires permutation of all bytes of the
message and one is no longer considering permutation
of the bytes of a block only. If you do that, I believe
you would see that the computation of differentials
become weird in my scheme in comparison to the case
with common differential analysis applied to a block
cipher (which considers only the region inside a block
and of course there is no permutation of my kind).
If, on the other hand, you use byte as unit and do
permutation limited to a block and examine whether
the permutation would weaken or strength the block
cipher in comparison to the case without the permutation,
then that's what I termed my scaled-down version and
I have remarked that in that case the permutation
could presumably indeed lead to weakening, if the
original block cipher is well designed, which means
that any tempering with the original design will weaken
it. I hope that I have now explained the issue sufficiently.
To summarize, you should consider the question of whether
in the full version, operating on the whole message,
permutation is advantageous or not and forget the
scaled-down version that is limited to one single block
only. (I described the scaled-down version in the original
post only after I asked myself whether some 'tricks'
could be found to implement the scheme in hardware
well, noting that I wrote at the beginning of the
original post that the scheme is intended for software
implementation. It turns out that the scaled-down
version is not favourable. In fact I was conscious of
that while writing. But I thought saying much to that
point would divert the reader's attention unnecessarily,
also in view of the fact the total space of the post was
not large.)
M. K. Shen
------------------------------
From: "Paul Pires" <[EMAIL PROTECTED]>
Subject: Re: Software patents are evil.
Date: Tue, 26 Sep 2000 13:14:16 -0700
It finally appeared! Today. 9/26/2000
The content is not disappointing either.
Worth waiting for.
Thanks.
Paul
Trevor L. Jackson, III <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> I seem to have missed the preceding couple of messages. Usenet in action I
suppose.
>
> There are a couple of observations worth making:
>
> 1. Patents are not monopolies. They protect intellectual property not
business
> entities. Trade secrecy would seem to be a better target for monopolistic
claims in
> that the life of a trade secret is unbounded.
>
> 2. Using the USSR as a foundation for attacking the patent system is silly.
The
> dominant characteristic of the economy of the USSR was the lack of incentives.
The
> patent system is by design an incentive system. Thus the existence of the
patent
> system is for precisely the opposite of the reasons for the economic failure
of the
> USSR
>
> 3. The USSR was not an attempt to set up a fairer economic system, although
that
> claim has been widely spread. It was a tyranny. Check the official
definition of
> the term pravda (truth). It means "whatever will foster success". This is
fairly
> orthogonal to our concept of truth as a relationship between axioms and
theorems
> (math) or reality and statements (science).
>
> 4. The example in re coffee is particularly malformed. We do not grant
monopolies
> on coffee. We grant monopolies on improvements to coffee to encourage the
> development of superior coffee. The example is reminiscent of the British
> experience with monopolies. Essentially the Queen granted a huge list of
monopolies
> like importing salt to her friends. The ensuing economic distortion
(strangulation)
> and resentment are characteristic of the experience of living in the USSR.
See also
> the British Navigation Acts (long defunct) and our Merchant Marine laws (still
> killing the shipping industry)..
>
> The patent system is the exact polar opposite of this kind of thing. Given an
> patent on improved coffee, everyone can still sell regular coffee. They just
can't
> sell improved coffee without the permission of the patent holder. This is
_not_ a
> monopoly on coffee.
>
> 5. The term monopoly is a distraction. The issue is not whether monopolies
should
> be granted or not, but whether incentives for innovation should exist. If
> incentives should exist then time-limited monopolies can be used as
incentives. So
> can other things. But state-supported R&D is notoriously bad. Guess what
country's
> decline most clearly demonstrates that?
>
> 6. The claim "you rapidly have to be best or you are out" [of the software
business]
> is false by inspection. Consider IBM at its peak. It was far from the best
at
> hardware or software development. People knew and understood that. Yet they
were
> not "out". Consider Microsoft which, in spite of the incredibly bad software,
seems
> not to be "out". (N.B. I assume there is no dispute that we can take the
statements
> of Microsoft(R)'s product development managers to the effect that there is no
reason
> to fix bugs as evidence of the low quality of their products.)
>
> 7. Patents are not barriers to competition. They expire. New and better
techniques
> are invented even before they expire. Thus they are a way of _scoring_ the
> competition.
>
> 8. I think the suggestion that patents do not lead to improvements should be
> withdrawn rather than disputed. Thus MU.
>
> 9. The harping upon the bad side effects of monopolies and government mandates
has
> little or nothing to do with patents. The system is only supposed to secure
> intellectual property, not dictate business.
>
> The distinction can be seen by postulating the suspension of all laws securing
real
> property. There's a fixed supply and it is "the common heritage of all
mankind"
> according to the United Nations, so we should all share it equally. And live
in
> tents, mud huts, or caves. No thanks.
>
> Paul Pires wrote:
>
> [...]
>
> > > ]> Low quality is almost always due to a lack of comptetition, not a lack
> > > ]> of intellectual property rights. The USSR had immense itelletual and
> > > ]> other property rights protections-- manufacturers were handed
monopolies
> > > ]> on all kinds of goods. There is no evidence whatsoever that this
> > > ]> resulted in the manufacturers spending time and effort to make sure
that
> > > ]> their products were the best possible. Just the reverse.
> > >
> > > ]Why do you continually insert the monopoly practices of the former USSR
into
> > > ]the discussion? What, it happend there so it could happen here? The issue
> > isn't
> > > ]whether state sanction monopolistic practices are good or bad but whether
> > > ]the particular one under discussion is. Hey, they were bad. Guess what,
they
> > > ]are gone. Move on.
> > >
> > > Because it is an example of a country which instituted precisely the
> > > kind of restrictions on the economic system, for reasons which are very
> > > similar to the reasons which you give.
>
> >
> >
> > "Precicely" and "similar"? I don't think so (Just my opinion). Their reasons
are
> > unimportant, it was their actions that proved to be problematical.
> >
> > >Of course it is not the same. Of
> > > course it differs in detail. But your argument is that monopoly leads to
> > > better products for the consumer. My counterargument is that it does
> > > not, as has been tested by various countries. One should learn from
> > > history, not just "move on" or we will repeat all of the same mistakes.
> > > The USSR did not get where it was on purpose or through evil intent. It
> > > was trying to set up a much fairer economic system than the predatory,
> > > wasteful, exploitative capitalist system, a system which would produce
> > > more and better goods for the consumers without the costs of capitalism.
> >
> > Why it failed is a matter of opinion and I have one different from yours.
> >
> > > It failed. Monopolies are not a good idea. Patents are monopolies.
>
> >
> > > Thus the question arises as to whether the benefits which accrue to
> > > society through the conditions set on the monopolies granted by patents
> > > outweigh the costs that monopolies invariably bring with themselves.
> > > In the case where those benefits do not clearly and demonstrably (not
> > > thoeretically) outweigh the costs, monopolies should not be granted, and
> > > then should be granted for as short a time as possible and still reap
> > > the clear benefits to society.
> > >
> > > In my opinion software patents do not fulfill these criteria. They grant
> > > monopolies without a clear benefit ( except of course to the
> > > monopolist).
> > >
> > > YOur arguments were all theoretical and of exactly the kind used by the
> > > Soviets to justify their experiment.
> >
> > Bad logic. Just because The rational behind A & B are identical, doesn't
> > mean the processes A & B are identical. Both of our arguments are equally
> > theoretical. Any claim that you have that history is behind yours is just
bad
> > science.
> > >
> >
>
> [...]
>
> > > ]>
> > > ]> Yes, just like coffee. We should institute laws that only allow say
> > > ]> starbucks to open coffee shops in any city. Think of how great the
> > > ]> coffee would be then! Competition does far far more for increasing
> > > ]> quality than does nay intellectual property protection.
> > >
> > > ]Too much prior art for such a grant. The reason it hasn't happend is that
the
> > > ]process you deride will not allow it. You are citeing its hypothetical
> > > ]non-operation
> > > ]as an example of its poor operation.
> > >
> > > No, I am not claiming this as an example where a patent should be
> > > granted but an example where one could argue that a monopoly should be
> > > granted to bring about the kind of benefits you listed as arising from
> > > monopolies.
> >
> > You miss an intentional limitation of the process. It was designed NOT to
> > stop someone from doing something that they have already been doing
> > in the public domain. This is very important, a patent should not be issued
> > for this example regardless of the hypothetical benefit you cite to mankind.
> > >
> > > The first question one needs to answer is whether monopolies should be
> > > granted at all. (patents and copyright are both monopoly grants). Then,
> > > if so, under what conditions should they be granted. My claim is that in
> > > the first approximation they should not be granted. They have too many
> > > flaws. Competition is far more effective in delivering the consumer
> > > goods than is any monopolistic practice.
> >
> > I have been there, I have a different opinion.
> > >
> > > If one believes that they should be granted, under what conditions? I
> > > believe that the conditions should be very stringent, and that the
> > > monopoly should be granted only for as short a time as at all possible
> > > in order to reap the supposed benefits to society (not the monopolist).
> >
> > Now we are to the meat! This is a topic that this group is well equipped to
> > Work on. It is very much like a crypto protocol. How do you prevent:
> > denial of service, man in the middle, replay attacks and other malicious
use.
> > It is far more similar than you would think because it is dealing with
> > information
> > where its value is its unknown (as yet) nature. I think the USPTO could
profit
> > alot from employing cryppies to consult on reforms. Unfortunately, they
wouldn't
> > stay on topic very long and would drift of into social engineering.
> > >
> > > In software I see no evidence whatsoever of any benefit to society of
> > > granting such monopolies, and huge costs. People are willing to write
> > > software, people are willing to write software for free, and of a very
> > > high standard (see Linux as an example). In the face of that evidence to
> > > claim that software would only get written if monopolies were granted
> > > seems to me to fly in the face of all evidence. The software industry
> > > took off with no patents. patents as a corporate tool in software has
> > > really only taken ahold in the past few years, and is being used to
> > > stifle not enhance competition and innovation. As in a criminal court,
> > > the evidence should be there beyond a reasonable doubt that the monopoly
> > > is essential befor any such monopoly should be granted.
> >
> > A trial to grant a patent? If you want to kill it, get out your gun i.e.
> > A constitutional ammendment against this task as a role of our (US)
government
> > don't offer reasonable compromise to leave it castrated but in place.
> > >
> > >
> > >
> > > ]>
> > > ]> ]If effective IP were available it would be worth investing great
effort
> > into
> > > ]being the
> > > ]> ]best. Without effective IP protection such effort is wasted because
it
> > can
> > > ]be cloned
> > > ]> ]cheaply and the fruits squandered. Some consider this a good thing in
> > that
> > > ]it makes
> > > ]> ]whatever accidentally turns out to be good (more accurately popular)
> > widely
> > > ]available
> > > ]> ]within a short time span.
> > > ]>
> > > ]> ]Others consider this to be a bad thing because there is a positive
> > > ]disincentive toward
> > > ]> ]quality. It costs time. And the sine qua non of modern software
> > marketing
> > > ]is to be
> > > ]> ]first rather than best.
> > > ]>
> > > ]> And you raplidly have to be best as well, or you are out.
> > > ]>
> > > ]>
> > > ]> ]In the short term, we can economically purchase the best that is
available
> > in
> > > ]the market
> > > ]> ]because any innovation is rapidly emulated. In the long term the best
> > that
> > > ]is available
> > > ]> ]in the market is far lower that it would be because there is no
incentive
> > > ](differential
> > > ]> ]advantage) for production of better software. Since short term
effects
> > > ]dissipate and
> > > ]>
> > > ]> I disagree completely with this anticompetitive stance. Barriers to
> > > ]> competition simply enrich the monopolists, and do not lead to
> > > ]> improvements.
> > >
> > > ]The intent of the patent process is to remove barriers to competition and
> > > ]therefore stimulate innovation. You can rightly cite some examples where
the
> > > ]Process has failed or been abused to do the opposite. So what? No law or
> > > ]practice
> > > ]shall be allowed unless it is demonstratably perfect in the presence of a
> > > ]determined
> > > ]adversary? Wasn't it the Polish who had a practice that regulations could
> > only
> > > ]be
> > > ]passed by unanimous approval of their senate.
> > > ]>
> > > ]> ]long term effects accumulate, at some point past initialization the
market
> > > ]will be
> > > ]> ]dominated by long term effects, and saturated with bad software.
> > > ]>
> > > ]> Just like it is saturated with bad coffee? Wouldn;t it be nice if we
> > > ]> only had one coffee company, one car company( with no imports allowed),
> > > ]> one runhing shoe company,... Think of how great all of our products
> > > ]> would be then!
> > > ]> The arguements you give were exactly the arguements made by the
> > > ]> Communists in setting up their economic system. Competition is
wasteful.
> > > ]> Competition means that the manufacturers spend all their time wasting
> > > ]> time worrying about their competitors rather than worrying about how to
> > > ]> make the best product for the consumer. Unfortunately that is not the
> > > ]> way the world works. Competition is the best incentive for improving
> > > ]> both the range AND quality AND price of products in the vast majority
of
> > > ]> situations. It is not universal, and there are times when limits on
> > > ]> competition are beneficial. But those need to be thought through very
> > > ]> carefully, that those anticompetitive practices really do more good
than
> > > ]> harm. The problem is that all industries love anticompetitive laws--
> > > ]> they no longer have to worry since there is noone to take their market
> > > ]> away. And those industries will put immense pressure on corrupting the
> > > ]> governments to grant them anticompetitive laws. Those pressures should
> > > ]> almost always be resisted. And they should especially be resisted in
the
> > > ]> software industry.
> > > ]>
> > > ]> For example, software copyrights should be reduced to say 3 years,
> > > ]> extendible to 7 is the source is published. Any more than that is just
> > > ]> silly. And given MS claim that they lost the source code for DOS,
giving
> > > ]> copyright protection where the code is not made public is strongly
> > > ]> against the public interest. (Note that this would have made the Y2K
> > > ]> problem a hell of a lot more manageable.)
> > >
> > > ]You wish to ammend law on the basis of the antics of bad boy Bill?
> > > ]I'm sure he is flattered.
> > > ]>
> > > ]>
> > > ]> ]Some observers attribute the low quality of software to its commodity
> > status,
> > > ]reasoning
> > > ]> ]that if the customers cannot tell the difference between high and low
> > > ]software quality
> > > ]> ]there will never be any reason to "waste" effort on raising quality
> > because
> > > ]it will not
> > > ]> ]result in more sales. In fact it will result in less revenue based on
> > > ]upgrades.
> > > ]>
> > > ]> Ah, yes, the theory that governments should be there to protect the
> > > ]> stupid consumer from having to make uninformed choices.
> > > ]>
> > > ]>
> > > ]> ]But this misses the point. Customers _can_ tell the difference. But
that
> > > ]difference is
> > > ]> ]dominated by cost differences. So a company that prices its software
> > higher
> > > ]than the
> > > ]> ]competition to cover serious development effort will price themselves
out
> > of
> > > ]the market
> > > ]> ]composed of competitors who "me too!" the fruits of the development
effort
> > > ]without
> > > ]> ]paying for it. So customers will always pay less for approximately
the
> > same
> > > ]quality.
> > > ]>
> > > ]> ]Effective IP would restore the balance between quality and cost and
reduce
> > > ]the
> > > ]> ]domination of the first-to-market mentality.
> > > ]>
> > > ]> All the evidence is to the contrary in country after country, century
> > > ]> after century. Monopoly powers breed contempt of the consumer, not
> > > ]> heightened regard for his/her well being.
> > > ]>
> > > ]> Consumers are perfectly capable of making the choice between price and
> > > ]> quality on their own without governments and laws to "help" them.
> > > ]>
> > > ]> ]Conclusion: I can say that software has suffered in the US if low
quality
> > > ]counts as
> > > ]> ]suffering.
> > > ]>
> > > ]>
> > > ]> ]Is this off topic? Perhaps not. Crypto is similar to software as an
> > > ]industry with an
> > > ]> ]abstract, almost ineffable, product. And crypto -- as an industry --
is
> > > ]younger than
> > > ]> ]software. Perhaps crypto can do better.
> > > ]>
> > > ]>
> > > ]> Not if it is going to get mandated by the government.
> > >
> > >
>
>
>
>
------------------------------
** FOR YOUR REFERENCE **
The service address, to which questions about the list itself and requests
to be added to or deleted from it should be directed, is:
Internet: [EMAIL PROTECTED]
You can send mail to the entire list (and sci.crypt) via:
Internet: [EMAIL PROTECTED]
End of Cryptography-Digest Digest
******************************
