Ian Grigg <[EMAIL PROTECTED]> writes:

>There appear to be a number of metrics that have been suggested:
>
>  a. number of design "wins"
>  b. penetration into equivalent unprotected market
>  c. number of actual attacks defeated
>  d. subjective good at the application level
>  e. worthless measures such as deployed copies, amount of traffic
>     protected

You forgot the most important one:

  f. value added elsewhere

SSL's real strength is that it's convinced 100 million Joe Sixpacks that it's
safe to make purchases online. This has nothing to do with security (you
could do the same with padlock GIFs stuck on your web page), but does count as
some sort of measure of "success", although it's marketing success rather than
security success.

Although they provide about the same level of real security, it seems that SSH
is the tool of choice for people who care about providing real security while
SSL is the tool of choice for people who care about providing their customers
warm fuzzies.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List