[19176] in cryptography@c2.net mail archive
Re: X.509 / PKI, PGP, and IBE Secure Email Technologies
daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Dec 9 15:17:28 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography <cryptography@metzdowd.com>
Date: Thu, 08 Dec 2005 19:15:07 -0800
In-reply-to: <C8678182-B0D2-4026-B8EB-74E8A649C68D@mac.com>
--
James A. Donald:
> > > > We can, and should, compare any system with the
> > > > attacks that are made upon it. As a boat
> > > > should resist every probable storm, and if it
> > > > does not it is a bad boat, an encryption system
> > > > should resist every real threat, and if it does
> > > > not it is a bad encryption system.
Aram Perez
> > > I'm sorry James, but you can't expect a (several
> > > hundred dollar) rowboat to resist the same
> > > probable storm as a (million dollar) yacht.
James A. Donald:
> > Software is cheaper than boats - the poorest man can
> > afford the strongest encryption, but he cannot
> > afford the strongest boat.
Aram Perez
> If it is that cheap, then why are we having this
> discussion? Why isn't there a cheap security solution
> that even my mother can use?
Design is not cheap, and in particular cryptographic
design is not cheap, because one has to see what attacks
eventuate - one commonly discovers that one's
cryptography was fine, but one's threat model was
inadequate. But having been designed, and survived
attack, it can then be supplied to everyone.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
J0TlTGnN72O7gpg1XX5GRDTi4nJ4wVeAa557yccN
44MC72QwGhBFeTainKp+spi3G6oGpfuNsPZYDSpwt
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
