--
Ivan Krstic' wrote:
> The wider point of Peter's writeup -- and of the
> therapy -- is that developers working on security
> tools should _know_ they're working in a notoriously,
> infamously hard field where the odds are
> _overwhelmingly_ against them if they choose to
> engineer new solutions.

That point is of course true.  But the developers wanted
to transport IP and UDP.  Peter should have known that
SSL is incapable of transporting IP and UDP, because it
will introduce large, unpredictable, and variable
delays.

If, for example, VOIP goes over SSL, the speakers would
become entirely unintelligible.

So yes, the developers were incompetent in that they
badly underestimated the difficulty of the task.  And
Peter was incompetent in thinking that one layer of a
solution for a particular problem can be plucked out of
that environment, an environment where it works very
badly, and plonked into another, very different,
environment.

Not only do new solutions generally not work, but
existing solutions generally work badly, and are
commonly inapplicable outside their particular special
environment.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to