David Wagner wrote:

...
This struck me as poor design, not good design.  Asking the user to
make these kinds of choices seems like the kind of thing that only a
cryptographer could consider sensible.  In this day and age, software
should not be asking users to choose ciphers.  Rather, the software
should just pick a sensible high-grade security level (e.g., AES-128,
RSA-1024 or RSA-2048) and go with that, and avoid bothering the user.
Why even offer "low" as an option?  (And this "export" business sounds
like a throwback to a decade ago; why is that still there?)

Good crypto is cheap.  Asking a user is expensive and risky.

So I think there should be a broad design bias towards *implicit* correct
behaviour in all system features, with rope available for advanced users
to *explicitly* craft more complex use-cases. Once you have that, practical
security is not too difficult.

Amen.  I know of quite a few software packages that could use more of
that philosophy.


I think we are all coming around to the view that any choices are practically messy and dangerous, no matter how nice they look on paper.

The way I put it, there is only one mode, and it is secure. From there on, it only gets better. Obligatory rant:

http://iang.org/ssl/h3_there_is_only_one_mode_and_it_is_secure.html

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to