Utility of Snake Oil FAQ

[Jeremiah A Blatz]

-----BEGIN PGP SIGNED MESSAGE-----

C Matthew Curtin <cmcurtin at research.megasoft.com> writes:
> Got a bit of an update for everyone who was interested in the utility
> of the Snake Oil FAQ. Tim May raised the issue that it seems likely
> that a usenet FAQ will only reach people sufficiently clued to look
> for a usenet FAQ, which probably means they're clued enough to already
> know what's in the FAQ. I myself had this concern, but went ahead
> taking everyone's input and working on it anyway.

Good for you. I think Tim has largely overestimated the clue of the
average FAQ-reader. I've learned quite a bit from FAQs. Besides,
multiple distribution points for the same info are a Good Think, in
that they increase exposure, and use different language to express the
same things, thus allowing greater comprehension.

A few suggestions:
Pot the warning signs near the top. The technical intro is too brief
to be easily understandable by mosr MIS folks, and may scare them
away. I think a good organization for the document would be
1) Warning signs
2) The stuff about key sizes
3) The technical intro
4) everything else

Also, I saw no mention of source releases in the warning signs
section. Publishing your algorithm is good, but if there's a bug in
your random-number generator (Netscape?), you're screwed.

Examples of good and bad crypto. Stuffit and MSWord encryption is bad,
PGP is good, that sort of thing.

Anyway, I think it's a good resource.

Jer

"standing on top of the world/ never knew how you never could/ never knew
 why you never could live/ innocent life that everyone did" -Wormhole

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQB1AwUBMq8Izckz/YzIV3P5AQF70AL8DvPm3YRujGshMZcxlj5Liz+eZEVimOUA
zc8P/iePJo4vP+Xt76kHPGGC4BPjgyIggXeLlL0q3H1mkUXCmFZIalAHe8egvOxs
g+JrAPppn4VtDjWFbbmtOND6umioxTr9
=PzLL
-----END PGP SIGNATURE-----