My original point was that adding additional complexity into the system is
never simple. It is not just the small increment of complexity added that
is the issue, it is how it interacts with all the existing increments of

Network admin is very hard because the tools provided are total crap. It
would be very easy for parts of the network to give feedback such as 'which
port is hogging bandwidth by jabbering away in NETBIOS' but they don't.

Net admins tend to be very suspicious of changes to configurations for good
reason, they have been burned many times before by 'simple' changes.

As for people warning about bugs... well yes, I told netscape about the
flaw in their PRNG over a year before someone decompiled the code and
'discovered' it. Jeff Schiller and Alan Schiffman had both been on at me
about the pitfalls of RNGs. Jeff because the Kerberos people got burned
that way.

What it comes down to in part is that some of us have a very different
model of how to write code than the rest of you. Cross site scripting, SQL
injection, buffer overruns, simply cannot occur in my coding world because
I would never use a scripting language that way or SQL or have code without
pervasive bound checking.

The NSA avoids errors like Bleichenbacher in the same way. Perhaps we can
learn from them.

In the meantime, if we want to get past the net admins we have to give them
a royal road and not lecture them.

On Fri, Nov 2, 2012 at 8:52 PM, Jon Callas <> wrote:

> On Nov 1, 2012, at 11:00 AM, Stephen Farrell <>
> wrote:
> >
> >
> > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
> >> Having worked in Web security over 20 years now, I have still to see a
> case
> >> where a system was breached because of a really subtle design flaw.
> >
> > Bleichenbacher?
> Maybe. By the time Bleichenbacher was actually an issue, a number of us
> had been screaming for years. I suppose you can say that it was really
> subtle because the people concerned about it weren't listened to. But that
> has its own ick factor, too. Everything that people don't believe is
> subtle. Is it subtle that you shouldn't be using 1024 bit RSA keys? 512?
>         Jon
> _______________________________________________
> therightkey mailing list

therightkey mailing list

Reply via email to