On Fri, Sep 9, 2011 at 6:22 PM, Peter Gutmann <[email protected]> wrote:
> May I make the following modest proposal:
>
> A "fix" (of whatever form you want to try) is only regarded as valid if it
> leads to at least a 25% decrease in phishing, measured over the interval
> before and after its introduction.

We've had this discussion before. Attackers will go wherever the attacks are easiest, and if we don't fix things we know are attackable (all/most of them) we're just pushing the problem around, not really making the bad guys' jobs easier. We still need to prioritize, of course, and fix the things being exploited rather than just increasing key-lengths (the typical approach), but that doesn't mean that fixing things that aren't being exploited now, but we know can be exploited, is a waste of time. Right?

- Andy
