Maybe It's Snake Oil All the Way Down

[Scott Guthery]

Hello, Rich ...
 
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom.  Maybe 
the reason that folks roll their own is because as far as they can see 
that's what everyone does.  Roll your own then whip out your dick and 
start swinging around just like the experts.
 
Perhaps I'm not looking in the right places. I wade through papers from 
the various academic cryptography groups, I hit the bibliographies 
regularly, I watch the newgroups, and I follow the patent literature.  After 
you blow the smoke away, there's always an "assume a can opener" 
assumption. The only thing that really differentiates the experts from the 
naifs is the amount of smoke.
 
Now I'm certainly not arguing that given wisdom and hard experience
have nothing to contribute but they aren't substitutes for either mathematical 
or even statistical certainty.  And I do note in passing that their history of 
delivering fundamental truth would counsel having a backup plan particularly
when it comes to the family jewels.
 
Cheers, Scott
 
-----Original Message----- 


	-----Original Message----- 
	From: Rich Salz [mailto:rsalz at datapower.com] 
	Sent: Fri 5/30/2003 9:26 PM 
	To: Eric Rescorla 
	Cc: Bill Stewart; cypherpunks; cryptography at metzdowd.com 
	Subject: Re: Nullsoft's WASTE communication system
	
	

	> It's utterly baffling to me why people like this choose to design
	> their own thing rather than just using SSL.
	
	Totally agree.  At this point in time, if it's a TCP based protocol
	and it isn't built on SSL/TLS, it should pretty much be treated
	as snake oil, I'd say.  Perhaps some kind of evangelism is needed.
	        /r$
	
	
	---------------------------------------------------------------------
	The Cryptography Mailing List
	Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com