Maybe It's Snake Oil All the Way Down
Scott Guthery
sguthery at mobile-mind.com
Sat May 31 17:32:03 PDT 2003
Hello, Rich ...
When I drill down on the many pontifications made by computer
security and cryptography experts all I find is given wisdom. Maybe
the reason that folks roll their own is because as far as they can see
that's what everyone does. Roll your own then whip out your dick and
start swinging around just like the experts.
Perhaps I'm not looking in the right places. I wade through papers from
the various academic cryptography groups, I hit the bibliographies
regularly, I watch the newgroups, and I follow the patent literature. After
you blow the smoke away, there's always an "assume a can opener"
assumption. The only thing that really differentiates the experts from the
naifs is the amount of smoke.
Now I'm certainly not arguing that given wisdom and hard experience
have nothing to contribute but they aren't substitutes for either mathematical
or even statistical certainty. And I do note in passing that their history of
delivering fundamental truth would counsel having a backup plan particularly
when it comes to the family jewels.
Cheers, Scott
-----Original Message-----
-----Original Message-----
From: Rich Salz [mailto:rsalz at datapower.com]
Sent: Fri 5/30/2003 9:26 PM
To: Eric Rescorla
Cc: Bill Stewart; cypherpunks; cryptography at metzdowd.com
Subject: Re: Nullsoft's WASTE communication system
> It's utterly baffling to me why people like this choose to design
> their own thing rather than just using SSL.
Totally agree. At this point in time, if it's a TCP based protocol
and it isn't built on SSL/TLS, it should pretty much be treated
as snake oil, I'd say. Perhaps some kind of evangelism is needed.
/r$
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cypherpunks-legacy
mailing list