The Crypto Winter

Petro petro at bounty.org
Thu Nov 22 15:34:27 PST 2001


On Monday, November 19, 2001, at 12:55 PM, Tim May wrote:

> On Monday, November 19, 2001, at 12:36 PM, Faustine wrote:

<...>

>> This applied as well to _new_ banks. This meant that neither the 
>> customer (Joe Sixpack) nor the branch manager had to be "convinced" or 
>> "sold" on the importance or value of good security. Rather, the normal 
>> market discounting forces took care of the issue. Actuaries, 
>> underwriters, risk estimators, and security experts think about things 
>> some people never think will happen to them. Educating the masses is 
>> not the main issue.
>
> If you had read much of the past traffic of the list, Faustine, you 
> would know about this point.
>
> Will the same happen with online security and crypto? It already has. 
> The credit card companies already have imposed rules for merchants, a 
> major part of why SSL and 128-bit crypto and all the rest is happening. 
> Lawsuits over leaking of medical records are already happening, and 
> some large tort judgements will likely cause increases in security 
> (including better encryption, more use of capability-based 
> architectures to limit access, etc.)

	The irony in this, to use your analogy to bank robbers, is that 
mandating 128-bit SSL is not securing the bank vault, but rather making 
sure nobody but the bank teller and the customer know what they are 
saying to each other (SSL being transport security).

	Most bank robbers in the past wanted in to the safe/vault 'cause 
that's where the *big* cash is. These days that is done by reading the 
database, rather than sniffing the wire.

	But database security is relatively easy and uninteresting.

> Sure, Grandma and Sis aren't using PGP 8.13 to encrypt their notes to 
> you. So?

	So it makes it more obvious when Bill the Abortion Provider sends 
me instructions on how to get to his office.

> Not that I'm discouraging you from going out to and trying to get that 
> "I didn't know that!" glimmer of awareness that maybe good locks are 
> better than bad locks. Knock yourself out.

	Part of the problem is that security is a PITA, and they get that 
glimmer, and they start worrying about things, but the habits are 
already there.

> --Tim May
> "You don't expect governments to obey the law because of some higher 
> moral development. You expect them to obey the law because they know 
> that if they don't, those who aren't shot will be hanged." --Michael 
> Shirley

--
"Remember, half-measures can be very effective if all you deal with are
half-wits."--Chris Klein




