And it goes on and on
http://news.cnet.com/8301-17939_109-10110382-2.html
while security communities are talking about perfect solutions for
a minority of security-conscious users...

This is almost like a discussion about "theory" versus "practice".

As a researcher in this field, I'd hoped that the gap would diminish over
time but it seems that is actually widening!

--Anders

----- Original Message ----- 
From: "Ian G" <[EMAIL PROTECTED]>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Cc: "Nelson B Bolyard" <[EMAIL PROTECTED]>
Sent: Friday, December 05, 2008 10:10
Subject: Re: Creating a Global User-level CA/Trust Infrastructurefor 
SecureMessaging


Anders Rundgren wrote:
> This is BTW not too different to PayPal which I guess works so well
> because it owns the entire customer-base and doesn't have to mess
> with other competing/collaborating partners.


Ahhh... Paypal :)  Now there is a poignant example.

Paypal is awful.  Its security is woeful.  It's a mess.  Its business 
concept is a lie unto its own vision.  It's practically the #1 phishing 
victim.  There's even a book about it ...

Yet, it won the market [1].

How do we deal with a world where something as bad, engineering-wise, as 
Paypal is the dominant product?

Well, with a lot of pragmatism, and a lot of skepticism about the 
excessive number of one true religions.


> Anders
> user of flawed security solutions, developer of new concepts


:)

iang



[1] For Nelson and others, this was my real business, not crypto, I was 
in probably the #2 opposing camp, and that camp didn't make it because 
of its own stupidity.  But its security was much better than Paypal, 
around 10 times better by one objective measure.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to