[14068] in cryptography@c2.net mail archive
Re: Is cryptography where security took the wrong branch?
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Sun Sep 7 18:08:32 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: iang@systemics.com
Cc: crypto <cryptography@metzdowd.com>
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 07 Sep 2003 14:12:47 -0700
In-Reply-To: <3F5B949C.F7007D34@systemics.com>
Ian Grigg <iang@systemics.com> writes:
> Eric Rescorla wrote:
> >
> > Ian Grigg <iang@systemics.com> writes:
> >
> > > Eric Rescorla wrote:
> > > ...
> > > > > The other thing to be aware of is that ecommerce itself
> > > > > is being stinted badly by the server and browser limits.
> > > > > There's little doubt that because servers and browsers
> > > > > made poorly contrived decisions on certificates, they
> > > > > increased the overall risks to the net by reducing the
> > > > > deployment, and probably reduced the revenue flow for
> > > > > certificate providers by a factor of 2-5.
> > > > I doubt that. Do you have any data to support this claim?
> > >
> > > Sure. SSH.
> > That's not data, it's an anecdote--and not a very supportive one
> > at that. As far as I know, there isn't actually more total
> > SSH deployment than SSL, so you've got to do some kind of
> > adjustment for the total potential size of the market, which
> > is a notoriously tricky calculation.
>
> It's more than an anecdote. If I quote from your
> slides, SSH has achieved an almost total domination
> of where it can be deployed.
No. There are lots of other things you CAN do with SSH
that people don't do that often.
> > Do you have any actual
> > data or did you just pull 2-5 out of the air?
>
>
> There is a middle ground between data and the air,
> which is analysis.
Data precedes analysis.
> It's nothing to do with whether the ivory tower
> brigade does some econowhatsists on their models
> and then speculates as to what this all means.
>
> Have a look at the data that is available [2]. You
> will see elasticity. Have a look at the history
> of a little company called Thawte. There, you will
> see how elasticity contributed to several hundred
> millions of buyout money.
Nope.
Elasticity is about how much consumption changes when price
changes, not about what people who were already going to buy
choose to buy.
Look at it this way:
If Pepsi cut their price by 50%, it might affect their
market share but would have only a very small amount of
effect on how much fluid people consume overall. The
market for beverages is competitive but not particularly
elastic. That could easily be happening here.
Ian, it's a major econometrics project to determine how
elastic a given good has. To imagine that you can do
it with a little handwaving is simply naive.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
