Citibank e-mail looks phishy

Peter Gutmann pgut001 at
Thu Nov 16 22:54:18 EST 2006

"Steven M. Bellovin" <smb at> writes:

>One of my favorite papers is Epstein, McHugh, and Pascale's "Evolution of a
>Trusted B3 Window System Prototype", because it describes an approach that
>didn't work.  Such papers are all too rare.

That's because it's really, really hard to get papers that document negative
experiences accepted for publication.  My guess is that this is because if you
write a paper documenting (say) negative experience with cryptoFoo, it's going
to be sent to cryptoFoo-savvy reviewers for evaluation (obviously), which
generally means ones involved in cryptoFoo development.  They aren't going to
take too well to a paper describing how hard their baby is to implement (I've
seen this effect several times while serving on program committees).  The
Oakland paper was on a topic where everyone was having problems with the
technology (so it was acceptable to say "this stuff doesn't work"), and came
at the tail end of the trusted-windowing-system period where it was
permissible to publish non-positive retrospectives.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list