On Thu, Jan 31, 2008 at 03:46:47PM -0500, Thor Lancelot Simon wrote:

> On Thu, Jan 31, 2008 at 04:07:03PM +0100, Guus Sliepen wrote:
> > 
> > Peter sent us his write-up up via private email a few days before he
> > posted it to this list (which got it on Slashdot). I had little time to
> > think about the issues he mentioned before his write-up became public.
> > When it did, I (and others too) felt attacked in a cruel way. Peter
> > ignored all the reasons *why* we used the kind of crypto we did at
> > that moment, compared it to a very high standard, and made it feel like
> > every thing we didn't do or didn't do as well as SSL made our crypto
> > worthless. 
> There is no valid reason to ship snake oil cryptography (at any moment).
> There is no standard but a high standard which is appropriate for
> comparison.
> Since SSL was already available, there was no excuse to do anything
> worse.

Please understand the following:

I am not defending the use of our less-than-SSL crypto in tinc. But
there are reasons why we implemented it the way we did at that time. It
doesn't matter whether these reasons were bad or good. The result of
ignoring the why, and "attacking" others by pointing out everything they
do wrong in your perspective (even though your perspective is perfectly
right), and then finishing off the way Peter did, which is easily
perceived as an insult if you are on the receiving end of it, does not
encourage others to fix the problems, but rather puts others in
defensive mode.

Are you out to help others, or just to look down on them? If it's the
first, then please make others accept your help by just formulating
things in a more friendly way (although a patch with a fix would soften
up things as well). If it's the latter, please continue just as you are
doing now.

Now some (good and/or bad) reasons why we ended up with our
lesser-than-SSL crypto, in no particular order:

- SSL was not perceived at that time as a solution for our problem.
- We were application writers, not security specialists. We had to
  encrypt traffic, we did the best to our knowledge at that time.
- I had read Schneier's Applied Cryptography from front to end a few
  times. It made me feel I knew everything about crypto. Even Bruce
  admits he thought at that time he had put everything a programmer
  needed to know about crypto in that book. It doesn't mention SSL.
- We needed to tunnel data over UDP, with UDP semantics. SSL requires a
  reliable stream. Therefore, we had to use something other that SSL to
  tunnel data.
- It was fun to come up with a full duplex authentication scheme using
  RSA. More fun than using someone elses stuff.
- Because we could.
- We were Free Software developers who did it in our spare time for fun,
  we were not a company that sells it as one of its products.

> It seems that you still don't understand those things, or you would not
> complain about them even at this far removed date.  How unfortunate.

It seems that you haven't read the rest of my email, or you would not
have written that sentence. I am enlightened now :)

Met vriendelijke groet / with kind regards,
      Guus Sliepen <[EMAIL PROTECTED]>

Attachment: signature.asc
Description: Digital signature

Reply via email to