-----BEGIN PGP SIGNED MESSAGE----- C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
Got a bit of an update for everyone who was interested in the utility of the Snake Oil FAQ. Tim May raised the issue that it seems likely that a usenet FAQ will only reach people sufficiently clued to look for a usenet FAQ, which probably means they're clued enough to already know what's in the FAQ. I myself had this concern, but went ahead taking everyone's input and working on it anyway.
Good for you. I think Tim has largely overestimated the clue of the average FAQ-reader. I've learned quite a bit from FAQs. Besides, multiple distribution points for the same info are a Good Think, in that they increase exposure, and use different language to express the same things, thus allowing greater comprehension. A few suggestions: Pot the warning signs near the top. The technical intro is too brief to be easily understandable by mosr MIS folks, and may scare them away. I think a good organization for the document would be 1) Warning signs 2) The stuff about key sizes 3) The technical intro 4) everything else Also, I saw no mention of source releases in the warning signs section. Publishing your algorithm is good, but if there's a bug in your random-number generator (Netscape?), you're screwed. Examples of good and bad crypto. Stuffit and MSWord encryption is bad, PGP is good, that sort of thing. Anyway, I think it's a good resource. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMq8Izckz/YzIV3P5AQF70AL8DvPm3YRujGshMZcxlj5Liz+eZEVimOUA zc8P/iePJo4vP+Xt76kHPGGC4BPjgyIggXeLlL0q3H1mkUXCmFZIalAHe8egvOxs g+JrAPppn4VtDjWFbbmtOND6umioxTr9 =PzLL -----END PGP SIGNATURE-----