On Thu, 28 Dec 2000, Tim May wrote:
At 3:56 AM -0500 12/28/00, dmolnar wrote:
I'm in the middle of composing a reply to Tim's message (which is getting bigger every time I sit down to finish it, ominously enough).
Sounds good to me!
One of the points that has popped into my mind so far is that while we've had academic crypto research since the 80s, thanks to Rivest, Shamir, Adleman, Diffie, Hellman, and others willing to defy the NSA, we have _not_ had a similar tradition of commercial cryptography - or at least, not a tradition of companies obtaining money for cryptographic *protocols* as opposed to ciphers.
Not enough energy by half has been focused on protocols. I think there's probably a good set of programs to be written here. Basically, I'm thinking in terms of the old unix philosophy -- "A good program does exactly one thing, and does it well."

If somebody designs a good set of command-line programs, which produce output usable by each other so that they can be piped together in useful ways on a unix command line, then protocols should be easy to implement as shell scripts. But a proper building block would have to be scriptable from the word "go." You'd have to fix it so that anything it could do, at all, it could do "in a straight run". A command line, a command file, whatever. And you'd have to do it so your keys didn't wind up in unencrypted batch files. Maybe a reference to keys' locations in an encrypted file system would be what went on the command line.

Such energy as has been focused on protocols has been at the level of applications -- basically fixing them in source code so the users can't as easily pick them apart and stick them back together again different.

Hmmm. More later. Some ideas are percolating through my head but they're not very well developed.

Bear