> Pease help to fill in items that I might have missed :)
The security risk that this non-standard scheme might introduce an
unforseen vulnerability. This is, IMO, as likely as that it will protect
against some unforseen vulnerability -- the alleged reason for the scheme.
Hehe, I was trying really hard to put this issue into some tangible
There is always security risk related to the design, to the implementation,
to the administration, etc. From all the books/sources I've learned
crypto and security (including topics on information system auditing
and assurance, information security risk assessment), I couldn't find
any systematic methodology to estimate this. Everyone is talking
about it in bulleted items, kinda subjective.
This seems to come only with experience, and learn the hard
way after screwing up a couple of times, or something.
I don't know, I'm working on estimating the potential consequences
of a security breach. But this is way beyond my
And this is really on a case by case basis, no book can teach
me that, I guess.
Is your PC infected? Get a FREE online computer virus scan from McAfee®
OpenSSL Project http://www.openssl.org
User Support Mailing List firstname.lastname@example.org
Automated List Manager [EMAIL PROTECTED]