[Cryptography] Interesting new article by Ross Anderson...
Viktor Dukhovni
cryptography at dukhovni.org
Wed Jun 4 00:55:20 EDT 2014
On Tue, Jun 03, 2014 at 07:27:48AM -0400, Jerry Leichter wrote:
> on surveillance, privacy, network effects, and whole bunch of related stuff:
>
> http://weis2014.econinfosec.org/papers/Anderson-WEIS2014.pdf
>
> I think the paper needs some tightening - some of the examples
> may be a bit far-fetched, or maybe valid but in need of more
> justification - but overall it's of a piece with Anderson's classic
> work on how economics makes it very hard to justify "obvious"
> security measures.
For what it is worth, for modestly sized projects that can manage
on volunteer effort alone, the economics is not always an obstacle.
Postfix takes the high road on security, and ignores the economics.
As I mentioned on this list before, Postfix is somewhat behind Exim
on market-share, and Exim has more features, but a noticeably more
fragile code-base. So the observation that features trump security
is once again validated, but this economic reality has no bearing
on the Postfix developers, we're not in it for the sales.
--
Viktor.
More information about the cryptography
mailing list