There is a bit of a faction that develops for one side or the other of the
'obscurity' argument. Some want to develop an algorithm in obscurity to be
able to sell it, others so that a third party doesn't steal it and claim it's
theirs. Open development and discussion of security issues, otoh, is often
defended because it allows the significant number of intelligent people in
those forums to put their minds together and solve a problem together.
There is an attitude at Microsoft, however, that closed and proprietary
systems that they develop on their own are somehow the end-all and be-all of
their innovativeness. Microsoft uses Kerberos, yes, but not in a
spec-compliant manner and they still won't open the specs on how NTFS works
to anyone unless you sign an NDA and beg and plead.
----- Original Message -----
From: "Noonan, Wesley" <[EMAIL PROTECTED]>
Perhaps my choice of words "divulge their code" was bad, and my choice of
"how I encrypt/authenticate something" was incredibly oversimplified, and
thus flawed. The point about the algorithm is an absolutely valid one, to
which I have no great rebuttal. In fact, I quite agree. I think W2K makes
some good steps forward (Kerberos), but at the time takes some good steps
backwards (EFS). In short, it is too early to say the walk is done, but I
think we can say, overall, they are walking forward (albeit slower than
many of us, myself included, would like).