>I know it sounds good, but has it ever worked? Has any vendor ever been
>successfully attacked through a weak demo system, and then rolled out a new
>one *which happened to be prepared in time for this eventuality*?
Not a shining example of secure protocol design, but here's one example:
> If users demand an insecure mode, it is because your secure mode has bad user
> interface.
I'm actually thinking about things like web services where the "user" isn't
someone sitting in front of a UI, but a programmer, or a team of programmers,
testers, and operational personnel. It's easy
Re: H3, "There is one mode and it is secure"
I have found that when H3 meets deployment and use, the reality too often
becomes: "Something's gotta give." We haven't yet found a way to hide enough
of the complexity of security to make it free, and this inevitably causes
conflicts with goals lik