[Cryptography] traffic analysis -> let's write an RFC?
ianG
iang at iang.org
Sun Feb 1 18:25:09 EST 2015
On 1/02/2015 10:42 am, grarpamp wrote:
> On Sat, Jan 31, 2015 at 1:19 AM, grarpamp <grarpamp at gmail.com> wrote:
>>> At least they say they're encrypting it all now. We'd like to know how.
>
>> Curious? What value is there in knowing how?
Value to us? Not a lot. Value to them: huge.
It forces them to prepare their documentation knowing that there will be
public audit of the process. Lots of arrows will be loosed at it. Many
wild, but some perceptive.
Sunlight is the best disinfectant. Openness will lift the game. They
will do a better job, think about wilder scenarios, come up with a more
balanced risk approach because they will be less likely to sweep
inconvenient risks under the table. We might spot something they truly
missed.
And, open disclosure that will give their customers better security.
iang
ps; no idea who the "we" & "they" is in the above, but hopefully the
principles are sound and universal.
More information about the cryptography
mailing list