On 13/10/2014 01:03 am, coderman wrote: > On 9/22/14, coderman <coder...@gmail.com> wrote: >> ... >>> Please elaborate. TKIP has not been identified as a ‘active attack’ >>> vector. > > hi nymble, > > it appears no one cares about downgrade attacks, like no one cares > about MitM (see mobile apps and software update mechanisms). [0]
No, and I argue that nobody should care about MITM nor downgrade attacks nor any other theoretical laboratory thing. I also argue that people shouldn't worry about shark attacks, lightning or wearing body armour when shopping. What distinguishes what we should care about and what we shouldn't is data. And analysis of that data. In absence of data, you're in FUD land. Just another religion, or another lightning rod salesman [1]. > 0. "no one cares" - this is not strictly true; people care a bit more > if you have done significant and detailed analysis of the sort that > eats lives by the quarter-year. i have long since quit giving freebies > freely, and instead pick my disclosures carefully with significant > limitations. Well, if that translated to data of actual attacks, hacks, losses, then I'd have more sympathy. Otherwise, it's all sales in the market for silver bullets. Or indistinguishable from, the harder you want people to care, the more a salesman copies your technique ... > perhaps i should re-state: "no one working in the public interest > cares". there is a roaring business for silence and proprietary > development, and these people care quite a bit. Yeah, ain't that the truth. Meanwhile, data... iang [1] a "lightning rod salesman" is an expression in earlier American times which refers to someone selling something you don't really need. I think, perhaps others could explain it better... _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
