[Cryptography] Preliminary review of the other Applied Cryptography

tpb-crypto at laposte.net tpb-crypto at laposte.net
Wed Apr 9 15:46:19 EDT 2014


> Message of 09/04/14 18:33
> From: "Joachim Strömbergson" 
> 
> Sandy Harris wrote:
> > However, if your main interest is how to build secure systems, I'd 
> > put Anderson's "Security Engineering" at the top of the list: 
> > https://www.cl.cam.ac.uk/~rja14/book.html
> 
> And if we are into the "books in the same field with confusingly similar
> names" discourse, Peter Gutmann is working on his big, big, big book
> "Engineering Security":
> 
> https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
> 
> The link points to the latest draft (I think) from April 2013.
> Not that the book lacks examples, far from it. The multi-page tour de
> force of all CA and cert problems through the years is scary reading.
> I guess the next version will include Heartbleed. And he really doesn't
> like DNSSEC.
> 

Most of us can relate to that; the "SEC" in DNSSEC is kind of misleading, to put it mildly. Of "SEC", DNSSEC has nothing. People were expecting some form of encryption in the standard when it was first announced, and after so long a wait it came out still working in plaintext and, worse, forcing people to expose their infrastructure to use it. What is the SEC in that, really? SECurely allowing yourself to be snooped and spoofed? SECure to whom?

Maybe some lover of this standard can come forward to its defense.

