On the somewhat tangential-to-cryptography topic of open versus closed source, may I suggest that the metrics that address the question are the classic ones that define availability: mean time between failure (MTBF) and mean time to repair (MTTR). As you know, you get 100% availability by driving MTBF to infinity or MTTR to zero. At this point in history with the array of installed base and vested interests that we have, I'd suggest that further investment in driving MTBF to infinity is a poorer spend that investing in driving MTTR to zero. On that proposition, open source wins as while it is true that closed source is better out of the box on average, open source has a brisker repair time. Or so it seems to this observer.
--dan _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography