[114370] in cryptography@c2.net mail archive
Re: Gutmann Soundwave Therapy
daemon@ATHENA.MIT.EDU (=?UTF-8?Q?Ivan_Krsti=C4=87?=)
Thu Jan 31 15:17:02 2008
Cc: Cryptography <cryptography@metzdowd.com>
From: =?UTF-8?Q?Ivan_Krsti=C4=87?= <krstic@solarsail.hcs.harvard.edu>
To: Guus Sliepen <guus@sliepen.org>
In-Reply-To: <20080131150703.GX3717@sliepen.org>
Date: Thu, 31 Jan 2008 19:29:43 +0100
On Jan 31, 2008, at 4:07 PM, Guus Sliepen wrote:
> I hope that in the future, if you see an application doing something
> wrong, you don't immediately give the developers the soundwave =20
> therapy.
The wider point of Peter's writeup -- and of the therapy -- is that =20
developers working on security tools should _know_ they're working in =20=
a notoriously, infamously hard field where the odds are =20
_overwhelmingly_ against them if they choose to engineer new solutions.
With such understanding, no competent developer should ever set out to =20=
build new cryptosystems unless he can explain, point by point, why his =20=
needs cannot be met by existing, vetted systems. That explanation =20
should ideally be made public for dissection by the community.
--
Ivan Krsti=C4=87 <krstic@solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
