Hello, Rich ... When I drill down on the many pontifications made by computer security and cryptography experts all I find is given wisdom. Maybe the reason that folks roll their own is because as far as they can see that's what everyone does. Roll your own then whip out your dick and start swinging around just like the experts. Perhaps I'm not looking in the right places. I wade through papers from the various academic cryptography groups, I hit the bibliographies regularly, I watch the newgroups, and I follow the patent literature. After you blow the smoke away, there's always an "assume a can opener" assumption. The only thing that really differentiates the experts from the naifs is the amount of smoke. Now I'm certainly not arguing that given wisdom and hard experience have nothing to contribute but they aren't substitutes for either mathematical or even statistical certainty. And I do note in passing that their history of delivering fundamental truth would counsel having a backup plan particularly when it comes to the family jewels. Cheers, Scott -----Original Message----- -----Original Message----- From: Rich Salz [mailto:rsalz@datapower.com] Sent: Fri 5/30/2003 9:26 PM To: Eric Rescorla Cc: Bill Stewart; cypherpunks; cryptography@metzdowd.com Subject: Re: Nullsoft's WASTE communication system > It's utterly baffling to me why people like this choose to design > their own thing rather than just using SSL. Totally agree. At this point in time, if it's a TCP based protocol and it isn't built on SSL/TLS, it should pretty much be treated as snake oil, I'd say. Perhaps some kind of evangelism is needed. /r$ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com