At 10:41 PM -0400 9/27/00, David Honig wrote:
>At 07:51 PM 9/27/00 -0400, Tim May wrote:
>>At 7:33 PM -0400 9/27/00, David Honig wrote:
>>>
>>>
>>>It does create a single-point-of-failure if everyone uses the same
>>>library (or other independent 'module'), but on the other hand, everyone
>>>rolling their own is likely to introduce more fatal flaws.
>>>
>>>Curious what the alternatives are,
>>
>>I said nothing about "everyone rolling their own."
>
>Yes, that was the most extreme contrast I could think of. A straw
>man. Obviously bad practice.
>
>What kind of modularity (not including linking a source-inspectable
>library) were you thinking of?
For example, receiving or sending text with PGP (of an early-enough
vintage, or one which has been vetted extensively). Using clipboards,
for example.
This works for text, sending and receiving, and has the advantage
that the crypto program is orthogonal to the browser, mail client,
whatever.
It works best for text, not so well for browsing, temporary
connections, etc. (Though the basic idea is still valid, just much
more complex to make work.)
Most important "encrypted messages" fit this model of a
browser/mailer transmitting _generalized text_, with a crypto program
then turning this generalized text into something else.
Regrettably, and as I predicted at several Cypherpunks meetings in
'93 or so, the effect of "integrating crypto into apps" is to make
analysis of the algorithms and possible trapdoors much more
problematic.
(I argued in '93-94 that the then-mania for "integrating crypto into
PINE and Eudora" was misdirected, for reasons related to the above
points.)
This has nothing whatsoever to do with "everyone rolling their own."
Quite the opposite, in fact.
--Tim May
--
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
"Cyphernomicon" | black markets, collapse of governments.
