Phil thinks I misunderstood/misrepresented him. His statement
<begin extract> But in the real world, such assumptions often don't apply, and so even relatively weak crypto can be de facto quite secure. </end extract> immediately following the one about DES that I quoted earlier suggests otherwise to me. I am delighted that he does not in fact judge DES effective. I reacted to his comments as I did because their "realist" flavor troubled me. On-line systems are in crisis; and this crisis---It was wholly predictable and was indeed predicted---is an outgrowth of a pervasive notion that the manifestly inadequate is enough. Two major retail chains have now lost the confidence of their most valuable customers, and they will not be the last organizations to find themselves in this situation. In these circumstances it seems to me that we have had enough expressions of what seems to me to be crackpot realism about security and encryption. None of this, of course, is intended to suggest that Phil is not entitled to have and express his own, very different views. -- John Gilmore, Ashland, MA 01721 - USA ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
