Andy Steingruebl <[email protected]> writes: >We still need to prioritize of course, and fix the things being exploited >rather than just increasing key-lengths (the typical approach) but that >doesn't mean that fixing things that aren't being exploited now, but we know >can be exploited, is a waste of time.
My concern with this is that we've spent the last fifteen years energetically fixing the things that aren't being exploited. When do we start fixing the things that are? (Success criteria are the ultimate acid test of any new initiative, which is why you'll never, ever see them specified for government projects. All the people proposing new Rube Goldberg schemes - me included - should feel confident enough in them that they're prepared to say "My scheme, if adopted, will lead to an X% decrease in phishing". It doesn't even have to be 25%, let's make it really easy and say 5%, or even just "statistically significant". If you can't do that then you're not really proposing a solution but just looking for guinea pigs). Peter. _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
