Crypto Craft Knowledge

Ben Laurie ben at links.org
Wed Feb 25 05:57:50 EST 2009


Cat Okita wrote:
> On Sat, 21 Feb 2009, Peter Gutmann wrote:
>> This points out an awkward problem though, that if you're a commercial
>> vendor and you have a customer who wants to do something stupid, you
>> can't afford not to allow this.  While my usual response to requests to
>> do things insecurely is "If you want to shoot yourself in the foot then
>> use CryptoAPI", I can only do this because I care more about security
>> than money.  For any commercial vendor who has to put the money first,
>> this isn't an option.
> 
> That's not entirely true -- even commercial vendors have things like
> ongoing support to consider, and some customers just cost more money
> than they're worth.

Furthermore, it's entirely simplistic to suggest that "money first" ==
"do any fool thing a customer demands". Some businesses do actually care
about their reputation, even if only because they believe that will make
them more money in the long run.

Plus, even the most accommodating company will draw the line somewhere -
not every foolish thing is profitable, even if a customer wants it.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


