Utility of Snake Oil FAQ
Got a bit of an update for everyone who was interested in the utility of the Snake Oil FAQ. Tim May raised the issue that it seems likely that a usenet FAQ will only reach people sufficiently clued to look for a usenet FAQ, which probably means they're clued enough to already know what's in the FAQ. I myself had this concern, but went ahead taking everyone's input and working on it anyway. I received at least a half dozen requests from folks wanting to include it in internal memorandums, reference it in other (nontechnical) works about Internet and security issues, etc. It would seem that the message is getting out (admittedly slowly, perhaps at the rate of two a month), but I suspect that as more attention is brought to it, we'll continue to reach more people who need to see it. -matt P.S. For those of you who have tuned in late, the URL is http://www.research.megasoft.com/people/cmcurtin/snake-oil-faq.html -- Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself. Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet
-----BEGIN PGP SIGNED MESSAGE----- C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
Got a bit of an update for everyone who was interested in the utility of the Snake Oil FAQ. Tim May raised the issue that it seems likely that a usenet FAQ will only reach people sufficiently clued to look for a usenet FAQ, which probably means they're clued enough to already know what's in the FAQ. I myself had this concern, but went ahead taking everyone's input and working on it anyway.
Good for you. I think Tim has largely overestimated the clue of the average FAQ-reader. I've learned quite a bit from FAQs. Besides, multiple distribution points for the same info are a Good Think, in that they increase exposure, and use different language to express the same things, thus allowing greater comprehension. A few suggestions: Pot the warning signs near the top. The technical intro is too brief to be easily understandable by mosr MIS folks, and may scare them away. I think a good organization for the document would be 1) Warning signs 2) The stuff about key sizes 3) The technical intro 4) everything else Also, I saw no mention of source releases in the warning signs section. Publishing your algorithm is good, but if there's a bug in your random-number generator (Netscape?), you're screwed. Examples of good and bad crypto. Stuffit and MSWord encryption is bad, PGP is good, that sort of thing. Anyway, I think it's a good resource. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMq8Izckz/YzIV3P5AQF70AL8DvPm3YRujGshMZcxlj5Liz+eZEVimOUA zc8P/iePJo4vP+Xt76kHPGGC4BPjgyIggXeLlL0q3H1mkUXCmFZIalAHe8egvOxs g+JrAPppn4VtDjWFbbmtOND6umioxTr9 =PzLL -----END PGP SIGNATURE-----
At 2:17 PM -0500 12/11/96, Jeremiah A Blatz wrote:
-----BEGIN PGP SIGNED MESSAGE-----
C Matthew Curtin <cmcurtin@research.megasoft.com> writes:
Got a bit of an update for everyone who was interested in the utility of the Snake Oil FAQ. Tim May raised the issue that it seems likely that a usenet FAQ will only reach people sufficiently clued to look for a usenet FAQ, which probably means they're clued enough to already know what's in the FAQ. I myself had this concern, but went ahead taking everyone's input and working on it anyway.
Good for you. I think Tim has largely overestimated the clue of the average FAQ-reader. I've learned quite a bit from FAQs. Besides, multiple distribution points for the same info are a Good Think, in that they increase exposure, and use different language to express the same things, thus allowing greater comprehension.
Careful. I didn't say precisely what Matthew said I said. My comment, from some months ago, was, as I recall, that the people _most in need_ of reading such a FAQ would probably be unreached by it. By "most in need" I also meant the _developers_ of snake oil systems. As a recent example, I rather doubt that the developers of the "virtual one-time pads" and "really good Caesar ciphers" have seen the FAQ. Or, if they have, that they understood the relevance for their own products. The best "snake oil FAQ" is reading the first few chapters of, say, Schneier. Those who read enough of Schneier are well-prepared to see the flaws in "virtual one time pads," while those too lazy to bother are almost certainly not likely to learn much from a FAQ. I think it's fine that the authors of the Snake Oil FAQ generated it. To each their own. My approval is not needed, as the Cyperpunks group is neither a collective nor a democracy. --Tim May Just say "No" to "Big Brother Inside" We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
"Timothy C. May" <tcmay@got.net> writes:
I think it's fine that the authors of the Snake Oil FAQ generated it. To each their own. My approval is not needed, as the Cyperpunks group is neither a collective nor a democracy.
Dunno about "cyperpunks", but "cypher punks" are a bunch of clueless assholes. --- Dr.Dimitri Vulis KOTM Brighton Beach Boardwalk BBS, Forest Hills, N.Y.: +1-718-261-2013, 14.4Kbps
participants (4)
-
C Matthew Curtin -
dlv@bwalk.dm.com -
Jeremiah A Blatz -
Timothy C. May