CDR: Re: Lions and Tigers and Backdoors, oh, my...
petro
petro at bounty.org
Thu Sep 28 00:23:50 PDT 2000
Tim May wrote:
>
>For example, receiving or sending text with PGP (of an early-enough
>vintage, or one which has been vetted extensively). Using
>clipboards, for example.
>
>This works for text, sending and receiving, and has the advantage
>that the crypto program is orthogonal to the browser, mail client,
>whatever.
>
>It works best for text, not so well for browsing, temporary
>connections, etc. (Though the basic idea is still valid, just much
>more complex to make work.)
>
>Most important "encrypted messages" fit this model of a
>browser/mailer transmitting _generalized text_, with a crypto
>program then turning this generalized text into something else.
>
>Regrettably, and as I predicted at several Cypherpunks meetings in
>'93 or so, the effect of "integrating crypto into apps" is to make
>analysis of the algorithms and possible trapdoors much more
>problematic.
>
>(I argued in '93-94 that the then-mania for "integrating crypto into
>PINE and Eudora" was misdirected, for reasons related to the above
>points.)
Both Eudora, and (IIRC) pine *DO* use external applications
for encryption/decryption/verification--or at least use "plugins" (in
the case of Eudora) where the cryto functions are isolated.
>
>This has nothing whatsoever to do with "everyone rolling their own."
>Quite the opposite, in fact.
--
A quote from Petro's Archives: **********************************************
Sometimes it is said that man can not be trusted with the government
of himself. Can he, then, be trusted with the government of others?
Or have we found angels in the forms of kings to govern him? Let
history answer this question. -- Thomas Jefferson, 1st Inaugural
More information about the Testlist
mailing list