Re: Snake-Oil FAQ

At 05:27 AM 9/22/96 -0700, you wrote:
My view is that people interested in buying and using crypto are either bright enough to learn, or are not. A "Snake Oil FAQ" is largely unnecessary, for either category. For the first, because they're bright. For the second, because they're not.
My view is that there is a large third group of people who are bright enough to learn, but don't have the time or inclination to read books or do extensive research on the subject. There are a lot of people using PGP for the wrong reason, not because they read the books or did the research. Nor do they even understand how it works as opposed to how it is used. They are using it because they cruised the net and read good things about it or heard it was cool. A Snake Oil Faq could help prevent these people from choosing wrong products. It would also be very helpful to have all the arguments in one place in one concise faq. Before I joined this list and read Applied Cryptography I was in a discussion in a previous job about securing one of our products. The programmer wanted to protect the key with a convoluted series of transpositions. I knew it was dumb but couldn't successfully argue the point why. A faq would have been helpful. There a lot of people with a casual interest in crypto who will remember that there is a faq on bad crypto. When the time comes they may be able to use those arguments to help avoid the use of bad crypto. Steven ------------------------------------ Steven Ryan - Reading Access - sryan@reading.com PGP Fingerprint: E8 A2 C5 A2 7A C4 77 93 0A 1B 1D C6 B9 2F 36 9B Finger me for my PGP public key
participants (1)
-
steven ryan