And it goes on and on http://news.cnet.com/8301-17939_109-10110382-2.html while security communities are talking about perfect solutions for a minority of security-conscious users...
This is almost like a discussion about "theory" versus "practice". As a researcher in this field, I'd hoped that the gap would diminish over time but it seems that is actually widening! --Anders ----- Original Message ----- From: "Ian G" <[EMAIL PROTECTED]> To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org> Cc: "Nelson B Bolyard" <[EMAIL PROTECTED]> Sent: Friday, December 05, 2008 10:10 Subject: Re: Creating a Global User-level CA/Trust Infrastructurefor SecureMessaging Anders Rundgren wrote: > This is BTW not too different to PayPal which I guess works so well > because it owns the entire customer-base and doesn't have to mess > with other competing/collaborating partners. Ahhh... Paypal :) Now there is a poignant example. Paypal is awful. Its security is woeful. It's a mess. Its business concept is a lie unto its own vision. It's practically the #1 phishing victim. There's even a book about it ... Yet, it won the market [1]. How do we deal with a world where something as bad, engineering-wise, as Paypal is the dominant product? Well, with a lot of pragmatism, and a lot of skepticism about the excessive number of one true religions. > Anders > user of flawed security solutions, developer of new concepts :) iang [1] For Nelson and others, this was my real business, not crypto, I was in probably the #2 opposing camp, and that camp didn't make it because of its own stupidity. But its security was much better than Paypal, around 10 times better by one objective measure. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto