[Cryptography] upgrade mechanisms and policies
iang at iang.org
Sat Apr 11 18:19:42 EDT 2015
On 11/04/2015 21:21, Ben Laurie wrote:
> On 11 April 2015 at 19:50, Bill Frantz <frantz at pwpconsult.com> wrote:
> Newer does not necessarily mean better,
> especially in the security field, and in fact something that has stood
> the test of time may actually be _better_ than something entirely
>
> Wat? This is crazy talk.
> Clearly the only sane policy is to believe that the latest version of
> X is the most secure. And if you know about X you ought to also know
> about the problems with X-1, X-2,.... So, sure, each end indicates
> which versions it is prepared to use, but of the intersection,
> _surely_ highest wins?
Well, not totally crazy, just maybe tricky. Case in point, later
generations of Skype since about 2009 have decreased security & privacy
by sharing with Redmond and Maryland. But the counter to that is that
the sane mass-user policy is still to accept the version upgrades, until
the point of abandoning the product.