"Email List: Cipe" <cipe-l,AT,inka,DOT,de>|
Re: What do you guys think about this?|
"Dave Howe" <DaveHowe,AT,cmn,DOT,sharp-uk,DOT,co,DOT,uk>|
Tue, 23 Sep 2003 17:46:56 +0100|
Dick St.Peters wrote:
> This is the heart of the issue. The problem here is one of lost
> context. Crypto people are the bank vault designers of the software
> world; in their context if a door isn't a meter of tempered steel
> alloy it isn't a secure door. That's fine for bank vaults, but it's
> more than a little silly for, say, apartment doors. You want an
> apartment door that doesn't crush the building.
> A VPN should provide security that's good enough. If you're dealing
> with state secrets or billions of dollars, CIPE is not good enough.
> However, if you do business over ordinary phone lines and first class
> mail, then using CIPE will make your VPN vastly more secure than the
> rest of your operation, without consuming a lot of resources or
> making things more complex than necessary.
as aways, there is a tradeoff between "cost" and security. cost for cipe
would probably be in one or more of design (coding) time, cpu time or
complexity - a more secure hash might be worth that, and a choice of more
secure cyphers can't be a bad thing. Maybe tempered steel alloy is
overkill, but a choice of solid wood (if eggbox plywood is still available
as a fallback option) might be nice....