John Young wrote:
Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive.
Isn't that the procedural equivalent though of saying "you should always keep your cryptographic algorithm secret and only disclose an algorithm as a ploy to deceive"? Any good methodology, be it technological, cryptographic, or procedural, consists of elements which *must* be kept secret (the fewer the better), and elements which need not be. Disclosing the latter makes it easier to get peer review, encourages other people to use the same methodologies (which at worst increases the value of a break to an attacker, and at best allows the original poster's traffic to be "lost in the noise" amongst a larger amount of similar) and allows other people to build on that base and present different (and potentially better) methods. as Schneier has said repeatedly, any idiot can design something he can't figure how to break himself. Getting peer review of anything you might end up betting your life on, has to be worth its cost.