At 10:41 PM -0400 9/27/00, David Honig wrote:
At 07:51 PM 9/27/00 -0400, Tim May wrote:
At 7:33 PM -0400 9/27/00, David Honig wrote:
It does create a single-point-of-failure if everyone uses the same library (or other independent 'module'), but on the other hand, everyone rolling their own is likely to introduce more fatal flaws.
Curious what the alternatives are,
I said nothing about "everyone rolling their own."
Yes, that was the most extreme contrast I could think of. A straw man. Obviously bad practice.
What kind of modularity (not including linking a source-inspectable library) were you thinking of?
For example, receiving or sending text with PGP (of an early-enough vintage, or one which has been vetted extensively). Using clipboards, for example. This works for text, sending and receiving, and has the advantage that the crypto program is orthogonal to the browser, mail client, whatever. It works best for text, not so well for browsing, temporary connections, etc. (Though the basic idea is still valid, just much more complex to make work.) Most important "encrypted messages" fit this model of a browser/mailer transmitting _generalized text_, with a crypto program then turning this generalized text into something else. Regrettably, and as I predicted at several Cypherpunks meetings in '93 or so, the effect of "integrating crypto into apps" is to make analysis of the algorithms and possible trapdoors much more problematic. (I argued in '93-94 that the then-mania for "integrating crypto into PINE and Eudora" was misdirected, for reasons related to the above points.) This has nothing whatsoever to do with "everyone rolling their own." Quite the opposite, in fact. --Tim May -- ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, "Cyphernomicon" | black markets, collapse of governments.