Practice Cryptography!
Even with all of the cryptologic and cryptographic technology that has existed in the world for the past 60 years, we still don't really know what encryption is good for or how to use it -- or, more importantly, why it's important. Maybe it's time for people and coders to actually start practicing how to use it, like any other skill.Saturday, April 08, 2006
Interesting thought...
The point of certificates from "certifying authorities" is so that other people can prove that it's your identity which signed something.
The point of not having "certifying authorities" sign public keys is so that you can prove it's your identity which signed something, but others cannot.
An "identity association" is limited in its scope to how much you can trust the entity that made the association. And heaven help us if individuals are ever called on in a legal environment to act in a CA role with no accountability.
The point of not having "certifying authorities" sign public keys is so that you can prove it's your identity which signed something, but others cannot.
An "identity association" is limited in its scope to how much you can trust the entity that made the association. And heaven help us if individuals are ever called on in a legal environment to act in a CA role with no accountability.
Wednesday, April 05, 2006
Why is encryption so expensive?
Why are cryptographic software and solutions so expensive? It shouldn't be that difficult to use, it shouldn't be that difficult to implement. We're stuck in a situation where nobody, and I mean nobody, knows what to do or how to do it. We just need to encrypt data between Alice and Bob. Or Alice(now) and Alice(future). With, perhaps, Sandy (the system administrator) being able to decrypt it or recover it if necessary, in accordance with security policy.
Why is it so difficult? Why does it have to be so difficult?
Let's take a look at a current example (culled, yet again, from the Google ad links): http://www.authora.com/edge/EDGE%20HOME.asp. This is a product that is OpenPGP compliant, and says it is "FIPS compliant" (though I can't find any certificate for such on the NIST's website, so I have to assume that it's not certified). But they require $2500/year licensing fee, minimum, to get good customer service... and they don't say anything about how much their product itself actually costs.
It's... discouraging, in a lot of ways. Why should I have to pay through the nose just to use an envelope? It'd be like Mead charging me $250 per envelope, and the post office charging me another $80 per stamp.
Why is it so difficult? Why does it have to be so difficult?
Let's take a look at a current example (culled, yet again, from the Google ad links): http://www.authora.com/edge/EDGE%20HOME.asp. This is a product that is OpenPGP compliant, and says it is "FIPS compliant" (though I can't find any certificate for such on the NIST's website, so I have to assume that it's not certified). But they require $2500/year licensing fee, minimum, to get good customer service... and they don't say anything about how much their product itself actually costs.
It's... discouraging, in a lot of ways. Why should I have to pay through the nose just to use an envelope? It'd be like Mead charging me $250 per envelope, and the post office charging me another $80 per stamp.
Archives
2006-02-12 2006-02-19 2006-02-26 2006-03-05 2006-03-12 2006-03-19 2006-03-26 2006-04-02 2006-04-09 2006-04-16 2006-04-23 2006-07-23 2008-01-13 2008-01-20 2008-02-03 2008-02-17 2008-03-16 2008-04-06 2008-05-11
