Ian Grigg <[EMAIL PROTECTED]> writes: > This is where maybe the guild and the outside world part > ways. > > The guild would like the application builder to learn the > field. They would like him to read up on all the literature, > the analysies. To emulate the successes and avoid the > pitfalls of those protocols that went before them. The > guild would like the builder to present his protocol and > hope it be taken seriously. The guild would like the > builder of applications to reach "acceptable" standards. > > And, the guild would like the builder to take the guild > seriously, in recognition of the large amounts of time > guildmembers invest in their knowledge.
Actually, I could care less if they take "the guild" seriously, because there isn't any "guild". What I care about is that people take the risks seriously. This is all very much like the reaction back when lots of people were saying "please don't operate on people when you haven't washed your hands" and lots of other folks said "nuts to that sort of thing -- I've been a surgeon for 30 years and almost 20% of my patients survive!". When I read "The Codebreakers" in the late 1970s, one thing got drummed into my head in chapter after chapter after chapter. It is a simple lesson, but one that I will repeat here. Dumb cryptography kills people. It has a simple corollary. Dumb cryptography is built by people who don't understand that the problem is hard and that doing a bad job kills people. In chapter after chapter, you read about people making the same mistakes, over and over, and never learning, and then other people dying because they were too egotistical to believe that they could have made a mistake in the design of their security systems. We do not ask anyone join a mythical "guild". We ask that people not go off and build suspension bridges out of rotting twine. The problem, of course, is that although it is obvious why you don't want your suspension bridge hung from rotting twine instead of steel, it is far less obvious to the naked eye that using the C library random() call doesn't provide enough security to keep your nuclear power plant controls safe. > Well, the opposition to "the guild" is one of pro-market > people who get out there and build applications. I don't see any truth to that. You can build applications just as easily using things like TLS -- and perhaps even more easily. The "alternatives" aren't any simpler or easier, and are almost always dangerous. There isn't a guild. People just finally realize what is needed in order to make critical -- and I do mean critical -- pieces of infrastructure safe enough for use. -- Perry E. Metzger [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]