CDR: Re: Lions and Tigers and Backdoors, oh, my...

[brflgnk at cotse.com]

Tim said:
-- begin quote --
I can't speak to the truth or falsity or plausibility of some of the claims 
here, but there is a general point: modularization.

There is no real reason for crypto to be built into complex products, at least 
not when those products are well-suited for handling text (and even files).

If speech is in the form of ASCII (or even MIME) text, then end-to-end crypto 
can be done using fairly basic (and hence more easily verfied, audited, and 
tested by time) modules which are NOT PART OF THE MORE COMPLEX PRODUCT.

To wit, who really cares whether Netscape 4.08 or 4.07 has crypto built in so 
long as a robust, non-trapdoored crypto program is available/
-- end quote --

I quite agree.  In fact, that's why I don't use a web browser as a mail client 
(this nym's only interface is webmail, which is a different case).  The salient 
point of this thread, though, is that the built-in crypto under discussion is 
the SSL engine, not the mail client.  If you (or anyone else) knows of a web 
browser that takes a drop-in SSL module (hopefully open-source), I'd be pleased 
to learn of it.  Would be interesting to see if Wells Fargo would accept a 
connection from such a browser.