> Please help to fill in items that I might have missed :)

        The security risk that this non-standard scheme might introduce an
unforeseen vulnerability. This is, IMO, as likely as that it will protect
against some unforeseen vulnerability -- the alleged reason for the scheme.

Hehe, I was trying really hard to put this issue into some tangible
numbers :)

There is always security risk related to the design, to the implementation,
to the administration, etc. From all the books/sources I've learned
crypto and security (including topics on information system auditing
and assurance, information security risk assessment), I couldn't find
any systematic methodology to estimate this. Everyone is talking
about it in bulleted items, kinda subjective.

This seems to come only with experience, and learning the hard
way after screwing up a couple of times, or something.

I don't know, I'm working on estimating the potential consequences
of a security breach. But this is way beyond my knowledge/experience/expertise.
And this is really on a case by case basis, no book can teach
me that, I guess.



OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
