[14358] in cryptography@c2.net mail archive
Re: Monoculture
daemon@ATHENA.MIT.EDU (Rich Salz)
Tue Sep 30 22:01:32 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 30 Sep 2003 19:54:44 -0400 (EDT)
From: Rich Salz <rsalz@datapower.com>
To: Richard Schroeppel <rcs@CS.Arizona.EDU>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
In-Reply-To: <200309292048.h8TKmhO09058@baskerville.CS.Arizona.EDU>
> I imagine the Plumbers & Electricians Union must have used similar
> arguments to enclose the business to themselves, and keep out unlicensed
> newcomers. "No longer acceptable" indeed. Too much competition boys?
The world might be better off if you couldn't call something
"secure" unless it came from a certificated security programmer.
Just like you don't want your house wired by a Master Electrician, who has
been proven to have experience and knowledge of the wiring code -- i.e.,
both theory and practice.
Yes, it sometimes sucks to be a newcomer and treated with derision unless you
can prove that you understand the current body of knowledge. We should
all try to be nicer. But surely you can understand a cryptographer's
frustration when a VPN -- what does that P stand for? -- shows flaws
that are equivalent to a syntax error in a Java class.
Perhaps it would help to think of it as defending the field. When
crap and snake-oil get out, even well-meaning crap and snake-oil,
the whole profession ends up stinking.
/r$
PS: As for wanting to avoid the "client-server" distinction in SSL/TLS,
just require certs on both sides and do mutual authentication.
The bytestream above is already bidirectional.
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
