Re: http+aes

In message <>, Ian Hickson writes:
>On Tue, 6 Mar 2012, Poul-Henning Kamp wrote:
>> The major risk is that people understand neither how little privacy this 
>> buys them, nor how trivially easy it is to compromise that privacy 
>> accidentally.
>It's not intended that users even know this is being used, so it doesn't 
>really matter if they don't understand it.

Yes, it does matter, it matters a lot, because secrets are only
secret if people know they need to keep them secret.

That said, the people I was talking about here were the people who
would decide to use this scheme because they are unlikely
to understand the implications and limitations of this bad idea.

>There's no reason this mechanism couldn't be used with other generic
>integrity checking mechanisms, though.

There is no reason to standardize something which does not do what
people would expect it to.

This proposal should be withdrawn with prejudice, it is simply not
done to hand people a cryptographic hand grenade of this kind.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Wednesday, 7 March 2012 14:22:32 UTC