CDR: Re: Lions and Tigers and Backdoors, oh, my...

[Sampo A Syreeni]

On Wed, 27 Sep 2000, David Honig wrote:

>Modularity *is* useful for keeping things simple enough to analyze, but
>isn't a library with a well-defined API sufficient?

This sort of highlights how the current models of shared code fail. A good
deal of modularity and independence of cryptography implementations (what
Tim probably drives at with his comment of making life too easy for Three
Letter Agencies) could be achieved with proper shared libraries with well
thought out APIs. Only DLLs and alike aren't quite stable enough to be used
for such heavy inter-vendor use. If they were, the massive single function
apps could be implemented as lighter wrappers around them and modularity
would be maintained, all without compromising ease of use. There would be
security considerations in using someone else's library, yes, but a proper
authentication architecture and/or open source development could be used to
alleviate those. Too bad M$ does not place a lot of weight on such design
considerations, instead pushing its own centralized model.

Sampo Syreeni <decoy at iki.fi>, aka decoy, student/math/Helsinki university