On Wed, Jul 13, 2011 at 2:02 AM, Ian G <[email protected]> wrote: > On 13/07/11 3:10 AM, Hill, Brad wrote: >> >> Re: H3, "There is one mode and it is secure" >> >> I have found that when H3 meets deployment and use, the reality too often >> becomes: "Something's gotta give." We haven't yet found a way to hide >> enough of the complexity of security to make it free, and this inevitably >> causes conflicts with goals like adoption. >> >> An alternate or possibly just auxiliary hypothesis I've been promoting on >> how to respond to these pressures is: >> >> "Build two protocols and incentivize." >> >> That is: >> >> Recognize in advance that users will demand an insecure mode and give >> it to them. > > I've heard of users demanding easy modes, but never demanding insecure modes > :)
Well, I wouldn't necessary count these as "users" perhaps (at least not the primary users), but if you do, then I'm pretty sure that I recall the FBI demanding such things. ;-) -kevin -- Blog: http://off-the-wall-security.blogspot.com/ "The most likely way for the world to be destroyed, most experts agree, is by accident. That's where we come in; we're computer professionals. We *cause* accidents." -- Nathaniel Borenstein _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
