On 29/01/12 11:50 AM, Noon Silk wrote:
On Sun, Jan 29, 2012 at 11:31 AM, ianG<[email protected]> wrote:
On 29/01/12 10:45 AM, Noon Silk wrote:
... it's not sensible to say "QKD is snake
oil", without direct reference to something.
Well, if you don't like the conclusion, there are books written on how to
attack it :) that doesn't mean much tho.
QKD is snake oil because it achieves a benefit over other techniques that is
marginal, unreliable, unproven, and costs a hell of a lot of money.
The notion that you can spot someone fiddling with your packets is marketing
blather, in the scheme of things. In the real world, this will generally be
interpreted as faulty equipment (insert some bayesian statistics here) so
you can't rely on it being a feature that delivers value. If you want more,
think about an aggressive attacker ... all he's got to do is put a wiretap
on the fibre, futze with the packets enough until you get sick of it, and
then you'll change it all because you can't deal with it.
And, as the existing product out there provides pretty solid key exchange
for zero cost, relatively speaking, what's the point in paying megabucks for
it? QKD has to do something pretty remarkable make it worth all those
dollars, and what it does isn't nearly interesting enough.
It's straight forward economics, really.
With respect, you are (as I've seen happen on this list many many
times) responding to straw man arguments you're inventing. My comment
to Nico was:
I think it's important to note that it's obviously completely wrong to
say "QKD is snake-oil", what you *can* say is that someone *selling*
*any* demonstratably-insecure crypto device as a secure one, is snake
oil. So, that is to say, you can only claim snake-oil in reference to
a vendor and a device, not a field of research.
Obviously, only a product can cost a business money; research
performed at universities doesn't (directly) cost money. So that is to
say, the claim that QKD as a field is snake oil is just nonsense. If
you want to say "Stop funding QKD research because I personally feel
that it's useless", then do it; maybe people will be interested
(probably not, unless you are specific in your problems, with
reference to exact protocols). If you want to say "QKD is snake oil
because XYZ product has ABC flaws" then do it; but I can't see how
general comments about "QKD" are helpful, because they are useless
without referring to something specific.
It seems to me that you are resting on a sort of philosophical
assumption that pure research is pure, neither good nor bad. If that is
the case, the problem with this assumption is that QKD is not pure, it's
applied. We know precisely where we (as society) are going to apply the
results to, it's in the title: Key Distribution.
In this context, applied research is simply another product, or more
properly, it's another component in the product-life-cycle.
Sure, pure research isn't a product in the markets sense because we
don't know what we get out of it. So good, bad, snake oil labels don't
apply. We could say that astronomy can't be snake oil because we might
get some new wisdom out of listening to quasars that one day could turn
into applications.
But QKD is very very applied.
And, your claim that research at Universities doesn't cost money is
specious and naive. If you look at the way grants are funded,
channeled, marketed, politicised and manipulated, you'll find out that
it's a market / business process, just like anything else. Grants are
typically full of snake-oil claims.
I mean, look at this argument we've gotten ourselves into ... it's
also completely useless. If you don't want to buy a QKD product, then
fine; so be it, I'm not trying to convince you otherwise (and I
certainly don't work for anyone who sells them; I'm just a student).
It's not useless. 9 out of 10 people with a long term background in
security advise not to invest a dime in QKD. If they're right, that
means the money is saved for something worthwhile.
All I'm saying is QKD is an interesting field of research, and it
seems a little bizarre to claim "snake oil!" while it's still being
developed.
Sure. But not wrong. Big difference between applied and pure research.
Think of it this way: a company shouldn't in general do pure
research, because it cannot show the benefit to shareholders, therefore
it is not meeting its mandate. It can do applied research, and does,
because the line is very clear in claims from expenditure to future
revenues.
Then, from that point, it is easy to see that applied research is just
another product-life-cycle issue. So yes, it can be labelled with
'snake-oil' or other like opinions, because we know where that product
is heading.
Of course we could be wrong in the call. But we're not wrong to make
the call.
iang
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
