At 04:21 AM 8/16/02 -0400, dmolnar wrote: ...
Don't forget schedule pressure, the overhead of bringing in a contractor to do crypto protocol design, and the not-invented-here syndrome. I think all of these contribute to keeping protocol design in-house, regardless of the technical skill of the parties involved.
Also, designing new crypto protocols, or analyzing old ones used in odd ways, is mostly useful for companies that are offering some new service on the net, or doing some wildly new thing. Many of the obvious new things have been done, for better or worse, and few companies are able to get funding for whatever cool new ideas they may have for the net, good or bad. And without funding, people are a lot more likely to either decide to do the security themselves, apply openSSL and a lot of duct tape and hope for the best, or just ignore security. Sure, it may cost a lot later, but they're going broke *now*.
-David
--John Kelsey, kelsey.j@ix.netcom.com // jkelsey@certicom.com --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com