Re: How secure is SSL emails?

From: Peter Fairbrother (zenadsl6186_at_zen.co.uk)
Date: 06/29/04 

Date: Tue, 29 Jun 2004 09:34:29 +0100

David Wagner wrote:

> Peter Fairbrother wrote:
>> David Wagner wrote:
>>> Many other information security systems do not provide such a high level
>>> of security, but nonetheless are still useful. It's not realistic to
>>> hold all of information security to the same level of assurance attained
>>> by modern cryptography; if you set your standard that high, you'll never
>>> get anything done.
>>
>> I prefer to look at it this way - set your standards that high and you'll
>> never do anything insecure, and it will encourage you to develop better
>> methods.
>
> That's all very nice, but we simply don't know how to build systems that
> achieve the level of security you seem to be asking for. Would you have
> us turn off every computer in the world until we can build mathematically
> provably secure software systems? Most of us have to get some work done,
> and can't afford to do that.

Sure, and I'm not really challenging that pragmatic viewpoint - I'm just
reminding people that there is a surer way, and even if we can't do it now
we should still try to.

We seem to have almost succeeded insofar as symmetric cipher design goes.
What next? 

-- 
Peter Fairbrother

Relevant Pages

  • Re: [Lit.] Buffer overruns
    ... > 'all C code is insecure'. ... David Wagner has repeatedly asserted that he doesn't ... that is secure (against buffer overruns). ...
    (sci.crypt)
  • Re: [Lit.] Buffer overruns
    ... Douglas A. Gwyn wrote: ... > David Wagner has repeatedly asserted that he doesn't ... that 'ALL C code is insecure'! ...
    (sci.crypt)
Quantcast