Monoculture

Perry E. Metzger perry at piermont.com
Wed Oct 1 15:09:32 EDT 2003 

Ian Grigg <iang at systemics.com> writes:
> This is where maybe the guild and the outside world part
> ways.
> 
> The guild would like the application builder to learn the
> field.  They would like him to read up on all the literature,
> the analysies.  To emulate the successes and avoid the
> pitfalls of those protocols that went before them.  The  
> guild would like the builder to present his protocol and  
> hope it be taken seriously.  The guild would like the
> builder of applications to reach "acceptable" standards.
> 
> And, the guild would like the builder to take the guild
> seriously, in recognition of the large amounts of time
> guildmembers invest in their knowledge.

Actually, I could care less if they take "the guild" seriously,
because there isn't any "guild". What I care about is that people take
the risks seriously.

This is all very much like the reaction back when lots of people were
saying "please don't operate on people when you haven't washed your
hands" and lots of other folks said "nuts to that sort of thing --
I've been a surgeon for 30 years and almost 20% of my patients
survive!".

When I read "The Codebreakers" in the late 1970s, one thing got
drummed into my head in chapter after chapter after chapter. It is a
simple lesson, but one that I will repeat here.

    Dumb cryptography kills people.

It has a simple corollary.

    Dumb cryptography is built by people who don't understand that the
    problem is hard and that doing a bad job kills people.

In chapter after chapter, you read about people making the same
mistakes, over and over, and never learning, and then other people
dying because they were too egotistical to believe that they could
have made a mistake in the design of their security systems.

We do not ask anyone join a mythical "guild". We ask that people not
go off and build suspension bridges out of rotting twine.

The problem, of course, is that although it is obvious why you don't
want your suspension bridge hung from rotting twine instead of steel,
it is far less obvious to the naked eye that using the C library
random() call doesn't provide enough security to keep your nuclear
power plant controls safe.

> Well, the opposition to "the guild" is one of pro-market
> people who get out there and build applications.

I don't see any truth to that. You can build applications just as
easily using things like TLS -- and perhaps even more easily. The
"alternatives" aren't any simpler or easier, and are almost always
dangerous.

There isn't a guild. People just finally realize what is needed in
order to make critical -- and I do mean critical -- pieces of
infrastructure safe enough for use.


-- 
Perry E. Metzger		perry at piermont.com

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list