On Wed, 1 Oct 2003, John S. Denker wrote:

>According to 'ps', an all-up ssh system is less
>than 3 megabytes (sshd, ssh-agent, and the ssh
>client).  At current memory prices, your clients
>would save less than $1.50 per system even if
>their custom software could reduce this "bulk"
>to zero.

That's not the money they're trying to save.  The money they're trying
to save is spent on the salaries of the guys who have to understand
it.  Depending on what needs you have, that's anything from
familiarity with setting up the certs and authorizations and servers
and configuring the clients, to the ability to sit down and verify the
source line by line and routine by routine.  The price of computer
memory is a non sequitur here; people want something dead-simple so
that there won't be so much overhead in _human_ knowledge and
understanding required to operate it.

Crypto is not like some game or something that nobody has to really
understand how it works; key management and cert management is a
complex issue and people have to be hired to do it.  Code that has so
much riding on it has to be audited in lots of places, and people have
to be hired to do that.  Every line of code costs money in an audit,
even if somebody else wrote it.

So, yeah, they'd rather see a lot of stuff hard-coded instead of
configurable; hard-coded is easier to verify, hard-coded has less
configuration to do, and hard-coded is cheaper to own.  We get so busy
trying to be all things to all people in computer science that we
often forget that what a lot of our clients really want is simplicity.

>1) Well, they could just ignore the new release
>and stick with the old version.  Or, if they think
>the new features are desirable, then they ought
>to compare the cost of "re-stripping" against the
>cost of implementing the new desirable features
>in the custom code.

And in a lot of places that's exactly what they do.  If the shop
requires a full code audit before taking any new software, going to
the new version can cost tens of millions of dollars over and above
the price.  And the bigger the new version's sourcecode is, the more
the audit is going to cost.

>2) If you do a good job "stripping" the code, you
>could ask the maintainers to put your #ifdefs into
>the mainline version.  Then you have no maintenance
>hassle at all.

You wouldn't.  But the people who have to slog through that tarball of
code for an audit get the jibblies when they see #ifdefs all over the
place, because it means they have to go through line by line and
routine by routine again and again and again with different
assumptions about what symbols are defined during compilation, before
they can certify it.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to