CFP: PKI research workshop

lynn.wheeler at firstdata.com
Sun Dec 30 18:42:17 EST 2001


another aspect that overlaps PKIs and quality is the difference between
"application" code and "service" code .... turning an application into a
service can be hard .... possibly writing 4-10 times as much code as in the
base application infrastructure .... and very high-quality code ....
dealing with potentially very complex failure modes. Related thread
("buffer overflow") has been running in the sci.crypt newsgroups. ....
partial reference:
http://www.garlic.com/~lynn/2001n.html#93 Buffer overflow
http://www.garlic.com/~lynn/2001n.html#91 Buffer overflow
http://www.garlic.com/~lynn/2001n.html#90 Buffer overflow

also an older thread regarding "assurance" in application and digital
signature authentication
http://www.garlic.com/~lynn/aadsm5.htm#asrn1 Assurance, e-commerce, and some x9.59
http://www.garlic.com/~lynn/aadsm5.htm#asrn2 Assurance, e-commerce, and some x9.59
http://www.garlic.com/~lynn/aadsm5.htm#asrn3 Assurance, e-commerce, and some x9.59
http://www.garlic.com/~lynn/aadsm5.htm#asrn4 assurance, x9.59, etc



lynn.wheeler at firstdata.com at 12/29/2001 3:22 pm wrote:

Now, an interesting thing might be regarding rapid uptake of general
security. One could contend that majority of the market believes that good,
strong security should be an attribute of the basic infrastructure ...
somewhat like the issue of automobile quality in the '70s, not going to pay
any more for it ... but would migrate to a manufacturer that had
significantly better quality. You then have the 1) vendors that don't see
quality as worthwhile since they won't be able to charge more 2) new
vendors that would like to sell "quality" as a stand-alone attribute ...
not actually having to manufacture automobiles .... but somehow convince
customers that they can sell quality independent of any product, and 3)
vendors that feel that they can eventually gain market share by providing
better quality.

Substitute "security" and/or "PKI" in place of "quality".

Part of the issue is that security (and strong authentication) should be an
attribute of the basic infrastructure ... not something that exists by
itself in a vacuum.







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com