Re: IESG meeting thoughts

Responding to Stephen.

Crypto doesn't actually solve any of your security problems. Not one,
zilch, zero.

What cryptography does is to reduce the size of your information security
problem. It can reduce it in size from megabytes or even terrabytes to a
128 bit key or deciding whether or not to trust one of millions of Web
sites to whether or not to trust the 50 WebPKI CAs (or ICANN if you are
feeling really brave). But that is all cryptography does for you. It
reduces the size of your security problem.

You still have to work out how to keep that key secure or make sure you
have the right trust anchor. Reducing problems in size is good but you
still have to solve them.

<Prev in Thread]	Current Thread	[Next in Thread>
Re: IESG meeting thoughts, (continued) Re: IESG meeting thoughts, Bert Wijnen (IETF) Re: IESG meeting thoughts, Stephen Farrell Re: IESG meeting thoughts, Randy Bush Re: IESG meeting thoughts, Bert Wijnen (IETF) Re: IESG meeting thoughts, Phillip Hallam-Baker Re: IESG meeting thoughts, Michael Richardson Re: IESG meeting thoughts, Phillip Hallam-Baker Re: IESG meeting thoughts, Michael Richardson Re: IESG meeting thoughts, Brian E Carpenter Re: IESG meeting thoughts, Stephen Farrell Re: IESG meeting thoughts, Phillip Hallam-Baker <= Re: IESG meeting thoughts, Nico Williams Re: IESG meeting thoughts, Phillip Hallam-Baker