[Cryptography] upgrade mechanisms and policies

Ian G iang at iang.org
Sat Apr 11 18:19:42 EDT 2015

On 11/04/2015 21:21, Ben Laurie wrote:
> On 11 April 2015 at 19:50, Bill Frantz <frantz at pwpconsult.com 
> <mailto:frantz at pwpconsult.com>> wrote:
>         Newer does not necessarily mean better,
>         especially in the security field, and in fact something that
>         has stood
>         the test of time may actually be _better_ than something entirely
>         newfangled.
> Wat? This is crazy talk.
> Clearly the only sane policy is to believe that the latest version of 
> X is the most secure. And if you know about X you ought to also know 
> about the problems with X-1, X-2,.... So, sure, each end indicates 
> which versions it is prepared to use, but of the intersection, 
> _surely_ highest wins?

Well, not totally crazy, just maybe tricky.  Case in point, later 
generations of Skype since about 2009 have decreased security & privacy 
by sharing with Redmond and Maryland.  But the counter to that is that 
the sane mass-user policy is still to accept the version upgrades, until 
the point of abandoning the product.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150411/23045817/attachment.html>

More information about the cryptography mailing list