[1881] in cryptography@c2.net mail archive
Re: [Comdex] aka "The late, great Snake Oil Parade"
daemon@ATHENA.MIT.EDU (Rick Smith)
Mon Nov 24 15:27:13 1997
In-Reply-To: <199711241154.LAA00924@server.test.net>
Date: Mon, 24 Nov 1997 11:01:33 -0600
To: Adam Back <aba@dcs.ex.ac.uk>, tamaster@technologist.com
From: Rick Smith <smith@securecomputing.com>
Cc: cryptography@c2.net
tamaster@technologist.com writes:
>> Also touted was an analysis of Secret Envoy by Richard E. Smith of
>> Secure Computing.
And Adam Back asks:
>Perhaps if it is he could say a few words discussing this particular
>product's security merits/demerits. It could be just a case of
>letting marketeers loose on security product brochures, always a bad
>idea. On the other hand if it is really snake oil, perhaps he might
>like the opportunity to defend his name from being associated with
>this product!
Ion Marketing has asked us to do a security assessment of their product.
The review has not occurred. If it does occur, the assessment will consist
of a checklist that compares their product's alleged features against
appropriate product requirements taken from my book "Internet Cryptography."
The guy at Ion did say that their algorithm was proprietary and they're not
releasing it for review. He knows that this isn't going to earn any points
in the review we do.
As far as "defending my name" this reminds me a bit of the old Pogo comic
strip where the local cop was in trouble for "consorting with known
criminals" (i.e. chasing them, investigating them, arresting them,
maintaining an office in a building that housed them, etc.). If crypto is
going to be used by the mainstream, then we need to find ways of dealing
with developers, even when they smell of snake oil. Sometimes it simply
masks the smell of honest ignorance, which is a curable disease.
Rick.
smith@securecomputing.com
