Monoculture
Rich Salz
rsalz at datapower.com
Tue Sep 30 19:54:44 EDT 2003
> I imagine the Plumbers & Electricians Union must have used similar
> arguments to enclose the business to themselves, and keep out unlicensed
> newcomers. "No longer acceptable" indeed. Too much competition boys?

The world might be better off if you couldn't call something
"secure" unless it came from a certificated security programmer.
Just like you don't want your house wired by a Master Electrician, who has
been proven to have experience and knowledge of the wiring code -- i.e.,
both theory and practice.

Yes, it sometimes sucks to be a newcomer and treated with derision unless you
can prove that you understand the current body of knowledge. We should
all try to be nicer. But surely you can understand a cryptographer's
frustration when a VPN -- what does that P stand for? -- shows flaws
that are equivalent to a syntax error in a Java class.

Perhaps it would help to think of it as defending the field. When
crap and snake-oil get out, even well-meaning crap and snake-oil,
the whole profession ends up stinking.

/r$

PS: As for wanting to avoid the "client-server" distinction in SSL/TLS,
just require certs on both sides and do mutual authentication.
The bytestream above is already bidirectional.
--
Rich Salz Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com