[3091] in cryptography@c2.net mail archive
Re: Geer's Law of Good and Easy offers a political solution?
daemon@ATHENA.MIT.EDU (Stephen Cobb, CISSP)
Mon Jul 27 11:00:39 1998
Date: Sun, 26 Jul 1998 22:24:13 -0400
To: John Gilmore <gnu@toad.com>
From: "Stephen Cobb, CISSP" <stephen@iu.net>
Cc: cryptography@c2.net
In-Reply-To: <199807262133.OAA26887@cygint.cygnus.com>
At 02:33 PM 7/26/98 -0700, you wrote:
>Dan Geer today stated what looks to me like a Law of Good and Easy:
>> You can have good crypto or you can have easy crypto
>> but you cannot have good, easy crypto.
>
>This is an interesting observation. Even if we believe this, we
>clearly have much further to go in making crypto EITHER easy OR good,
>so there's no shortage of work to do.
John
I would second this, based on evaluations of practical file encryption products we have been doing for clients. The commercial offerings we have looked at all appear to be immature and clumsy in one respect or another, particularly when you look at rolling out the software to several thousand machines in numerous countries on several continents.
Apart from anything else, the current pace of consolidation among commercial security vendors has made it difficult to know what products are supported, named, shipping, etc.
It is all very well to preach, as we have for years, that "you really should encrypt sensitive information," but it appears that saying it is still a lot easier than doing it.
Respectfully...Stephen
<<<< Certified Information Systems Security Professional >>>>
Director of Education & Research, /\/\iora Systems Consulting
<<ph:1.407.269.3652 http://www.miora.com fax:1.407.268.9031>>
