[14367] in cryptography@c2.net mail archive

Re: Monoculture

daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Wed Oct 1 14:14:34 2003

X-Original-To: cryptography@metzdowd.com
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
To: Richard Schroeppel <rcs@CS.Arizona.EDU>
Cc: cryptography@metzdowd.com
In-Reply-To: Message from Richard Schroeppel <rcs@CS.Arizona.EDU> 
   of "Mon, 29 Sep 2003 13:48:43 PDT." <200309292048.h8TKmhO09058@baskerville.CS.Arizona.EDU> 
Reply-To: sommerfeld@orchard.arlington.ma.us
Date: Wed, 01 Oct 2003 11:54:03 -0400

> Who on this list just wrote a report on the dangers of Monoculture?

An implementation monoculture is more dangerous than a protocol
monoculture.

Most exploitable security problems arise from implementation errors,
rather than from inherent flaws in the protocol being implemented.

And broad diversity in protocols has a downside from another general
systems security principle: minimization.

The more protocols you need to implement to talk to other systems, the
less time you have to make sure the ones you implement are implemented
well, and the more likely you are to pick up one which has a latent
implementation flaw.

					- Bill

---------------------------------------------------------------------
The Cryptography Mailing List