Hello, Rich ...
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom. Maybe
the reason that folks roll their own is because as far as they can see
that's what everyone does. Roll your own then whip out your dick and
start swinging around just like the experts.
Perhaps I'm not looking in the right places. I wade through papers from
the various academic cryptography groups, I hit the bibliographies
regularly, I watch the newgroups, and I follow the patent literature. After
you blow the smoke away, there's always an "assume a can opener"
assumption. The only thing that really differentiates the experts from the
naifs is the amount of smoke.
Now I'm certainly not arguing that given wisdom and hard experience
have nothing to contribute but they aren't substitutes for either mathematical
or even statistical certainty. And I do note in passing that their history of
delivering fundamental truth would counsel having a backup plan particularly
when it comes to the family jewels.
Cheers, Scott
-----Original Message-----
-----Original Message-----
From: Rich Salz [mailto:[EMAIL PROTECTED]
Sent: Fri 5/30/2003 9:26 PM
To: Eric Rescorla
Cc: Bill Stewart; cypherpunks; [EMAIL PROTECTED]
Subject: Re: Nullsoft's WASTE communication system
> It's utterly baffling to me why people like this choose to design
> their own thing rather than just using SSL.
Totally agree. At this point in time, if it's a TCP based protocol
and it isn't built on SSL/TLS, it should pretty much be treated
as snake oil, I'd say. Perhaps some kind of evangelism is needed.
/r$
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
