David Wagner wrote:
...
This struck me as poor design, not good design. Asking the user to
make these kinds of choices seems like the kind of thing that only a
cryptographer could consider sensible. In this day and age, software
should not be asking users to choose ciphers. Rather, the software
should just pick a sensible high-grade security level (e.g., AES-128,
RSA-1024 or RSA-2048) and go with that, and avoid bothering the user.
Why even offer "low" as an option? (And this "export" business sounds
like a throwback to a decade ago; why is that still there?)
Good crypto is cheap. Asking a user is expensive and risky.
So I think there should be a broad design bias towards *implicit* correct
behaviour in all system features, with rope available for advanced users
to *explicitly* craft more complex use-cases. Once you have that, practical
security is not too difficult.
Amen. I know of quite a few software packages that could use more of
that philosophy.
I think we are all coming around to the view that any
choices are practically messy and dangerous, no matter how
nice they look on paper.
The way I put it, there is only one mode, and it is secure.
From there on, it only gets better. Obligatory rant:
http://iang.org/ssl/h3_there_is_only_one_mode_and_it_is_secure.html
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]