[3356] in cryptography@c2.net mail archive
Re: ArcotSign (was Re: Does security depend on hardware?)
daemon@ATHENA.MIT.EDU (bram)
Wed Sep 23 16:07:17 1998
Date: Wed, 23 Sep 1998 11:27:16 -0700 (PDT)
From: bram <bram@gawth.com>
To: Bruce Schneier <schneier@counterpane.com>
cc: cryptography@c2.net, cypherpunks@algebra.com, coderpunks@toad.com
In-Reply-To: <4.0.2.19980923070056.0096b380@mail.visi.com>
On Wed, 23 Sep 1998, Bruce Schneier wrote:
> Sorry. I am under NDA. Hopefully Arcot will explain sooner rather than
> later. I suggest not using the product until you are satisfied.
I'd say the following has been well established by now -
- The people at ArcotSign are not completely clueless
- They're doing things in a possibly sub-optimal way as far as publically
explaining their algorithms, but this is a decision on their part, it's
not that they don't have reasonable algorithms to back things up
- They're not releasing due to being afraid of people copying their
product before they've gotten sufficiently far in development/achieved
some market penetration. Those of you who don't work at startups might not
be familiar with this sort of thinking, but it's completely reasonable -
if you go around telling everybody all the little details of how to make
things work, some large company might make a very quick bastardized
version and throw lots of marketing oomph behind it.
- Their marketing materials are a bit misleading. This they can reasonably
be faulted for.
In short, at worst it's a poor product, but not 'snake-oil'. I have no
idea whether it's a *good* product, since I've never looked at it, but for
all I know it might be the greatest thing since sliced bread.
I think that pretty much sums up everything there is to currently say on
the subject, until ArcotSign releases more details.
-Bram
(Who isn't talking about what he's working on until the official release
of a reasonably well fleshed-out product comes out.)
