"Perry E. Metzger" wrote:


>    Dumb cryptography kills people.

What's your threat model?  Or, that's your threat

Applying the above threat model as written up in
"The Codebreakers" to, for example, SSL and its
original credit card nreeds would seem to be a

On the face of it, that is.  Correct me if I'm
wrong, but I don't recall anyone ever mentioning
that anyone was ever killed over a sniffed credit

And, I'm not sure it is wise to draw threat models
from military and national security history and
apply it to commercial and individual life.

There are scenarios where people may get killed
and there was crypto in the story.  But they are
far and few between [1].  And in general, those
parties gradually find themselves taking the crypto
seriously enough to match their own threat model
to an appropriate security model.

But, for the rest of us, that's not a good threat
model, IMHO.

> > Well, the opposition to "the guild" is one of pro-market
> > people who get out there and build applications.
> I don't see any truth to that. You can build applications just as
> easily using things like TLS -- and perhaps even more easily. The
> "alternatives" aren't any simpler or easier, and are almost always
> dangerous.

OK, that's a statement.  What is clear is that,
regardless of the truth of the that statement,
developers time and time again look at the crypto
that is there and conclude that it is "too much."

The issue is that the gulf is there, not whether
it is a fair gulf.

> There isn't a guild.

BTW, just to clarify.  The intent of my post was not to
claim that there is a guild.  Just to claim that there
is an environment that is guild-like.

> People just finally realize what is needed in
> order to make critical -- and I do mean critical -- pieces of
> infrastructure safe enough for use.

I find this mysterious.  When I send encrypted email
to my girlfriend with saucy chat in there, is that
what you mean by "critical" ?  Or perhaps, when I send
a credit card number that is limited to $50 losses, is
verified directly by the merchant, and has a home
delivery address, do you mean, that's "critical" ?  Or,
if I implement a VPN between my customers and suppliers,
do you mean that this is "critical" ?

I think not.  For most purposes, I'm looking to reduce
the statistical occurrences of breaches.  I'll take
elimination of breaches if it is free, but in the
absence of a perfect world, for most comms needs, near
enough is fine by me, and anyone that tells me that the
crypto is 100% secure is more than likely selling snake

For those applications that *are* critical, surely the
people best placed to understand and deal with that
criticality are the people who run the application
themselves?  Surely it's their call as to whether they
take their responsibilities fully, or not?


[1] the human rights activities of http://www.cryptorights.org/
do in fact present a case where people can get killed, and their
safety may depend to a lesser or greater extent on crypto.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to