Vin McLellan wrote:
| Vin McLellan wrote:
|
| >| The "published crypto" issue is a religious debate -- and I'm on
|
| Adam Shostack <adam @
homeport .
org> replied:
|
| > No, its not. The only people who don't publish widely are
| >governments, and they have internal review systems
|
| Isn't the classical definition of a religious debate one in which
| at least one side is utterly certain the other side has no valid right to
| exist?
You can't find anyone with a background in crypto who'll argue
for closed systems. This is a one sided religious war, with people
who have studied the issue on one side, and people who have not on the
other. (I'm being slightly sarcastic, but only slightly.) The people
who don't believe in publication may well be CIOs and CEOs, but that
means they need to be educated to understand the same thing that the
engineers at SDTI understand; publication is good.
You have a right to argue against publication, and you'll
lose. It really is that simple. You can't point to anyone who will
make a technical argument against publication, only point to the
massive ignorance that exists out in the marketplace as justification
for doing the wrong thing.
| The vexing issues come up most often for smaller vendors (today,
| many of them non-American,) which are not assured an intensive and
| expeditious review of their crypto just by publication. They often prefer
| to hire talented guys like yourself under NDAs, for initial and often
| annual reviews of the security of their non-standard cryptography.
|
| I would guess that this sort of review has traditionally been a --
| if not "the" -- primary income stream for many top independent crypto
| consultants.
Actually, publication at a major conference will get the best
minds around on your system for an hour or three. Its quite an coup
to break a system at the rump session of the conference at which its
presented.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
References:
|
|
