[Cryptography] Toxic Combination

[Bill Frantz]

On 12/12/14 at 3:19 AM, benl at google.com (Ben Laurie) wrote:

>FOSS is "Free/Open Source Software". Pond is a secure messaging system
>by Adam Langley.

Well, to finish, FOSS isn't a security protocol, its a 
development method, in particularly good repute with the readers 
of this list (including me).

Since I hadn't heard of Pond, I think I can clearly argue that 
it hasn't achieved the necessary market penetration to have 
"achieved wide adoption."
>
>You don't make a strong case for your rather over-broad claim above.
>Though I do agree that crypto (like pretty much everything else) does
>require someone to somehow support those who develop it. And those who
>deploy it need to have a reason to bear the costs of doing so. And so
>on. But this is not as simple as "No security protocol will achieve
>wide adoption unless it includes a revenue model which someone can use
>to build a business." You "explain" several counter-examples above,
>for instance.

I agree Ben. PGP is perhaps the best counter example. It was 
clearly developed for political reasons, and the requirement for 
payment for commercial uses was really and after thought.

Perhaps restating the claim as, "No security protocol without a 
revenue model can win in the marketplace against one that has one."

Note that in retrospect, I'm not sure that Diffie Hellman is a 
security protocol. It can be part of one such as TLS (nee SSL), 
but by itself is not a protocol.

It is clear to me that the TLS CA model won because people could 
build a business as a CA. Lynn Wheeler makes this point explicit 
when he talks of strong arm methods used to suppress alternatives.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 
Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, 
CA 95032