| To: | "Email List: Cipe" <cipe-l,AT,inka,DOT,de> |
| Subject: | Re: What do you guys think about this? |
| From: | "Dave Howe" <DaveHowe,AT,cmn,DOT,sharp-uk,DOT,co,DOT,uk> |
| Date: | Tue, 23 Sep 2003 17:46:56 +0100 |
| References: | <000401c381c7$70550180$d620a8c0@pcw_hans.hnsasd.priv> <16240.27943.90498.711502@saint.heaven.net> |
Dick St.Peters wrote: > This is the heart of the issue. The problem here is one of lost > context. Crypto people are the bank vault designers of the software > world; in their context if a door isn't a meter of tempered steel > alloy it isn't a secure door. That's fine for bank vaults, but it's > more than a little silly for, say, apartment doors. You want an > apartment door that doesn't crush the building. > > A VPN should provide security that's good enough. If you're dealing > with state secrets or billions of dollars, CIPE is not good enough. > However, if you do business over ordinary phone lines and first class > mail, then using CIPE will make your VPN vastly more secure than the > rest of your operation, without consuming a lot of resources or > making things more complex than necessary. as aways, there is a tradeoff between "cost" and security. cost for cipe would probably be in one or more of design (coding) time, cpu time or complexity - a more secure hash might be worth that, and a choice of more secure cyphers can't be a bad thing. Maybe tempered steel alloy is overkill, but a choice of solid wood (if eggbox plywood is still available as a fallback option) might be nice....