employment market for applied cryptographers?

Adam Shostack adam at homeport.org
Sun Aug 18 10:04:11 PDT 2002


On Sun, Aug 18, 2002 at 01:46:09AM -0400, dmolnar wrote:
| 
| 
| On Sat, 17 Aug 2002, John Kelsey wrote:
| 
| > Also, designing new crypto protocols, or analyzing old ones used in odd
| > ways, is mostly useful for companies that are offering some new service on
| > the net, or doing some wildly new thing.  Many of the obvious new things
| 
| I agree with this as far as "crypto" protocols go. But one thing to keep
| in mind is that almost all protocols impact security, whether their
| designers realize it or not. Especially protocols for file transfer, print
| spooling, or reservation of resources. Most of these are designed without
| people identifying them as "crypto protocols."
| 
| Another thing that makes it worse -- composition of protocols. You can do
| an authentication protocol and prove you're "you." Then what? Does that
| confer security properties upon following protocols, and if so what?

Why does the CEO care?  Is it economic to answer these questions?  Do these
questions terminate or go on forever?  

Do good security experts ever say "it's secure?"  Or do we keep finding
new and better holes that require more engineering work to fix?

As Eric used to say, all security is economics.

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume





