spf-discuss

Re: Sendmail white paper

2004-11-26 01:42:15
On Wed, 2004-11-24 at 13:25 -0500, Michael Hammer wrote:

> I'm sure Rand can defend himself if he chooses. I think you are being
> more than a little unfair. Some of us live in the real world and have
> to worry more about what is deployed than what might possibly be
> deployed. I just stepped out of a meeting where these issues were
> discussed and DK got significantly more time than IIM. Why? Because
> there are significant players already rolling it out. If I don't
> survive today then tomorrow is much less of an issue.

You know what's funny? DK gets all of this attention, yet no one can
see the massive and very fundamental FLAW in it?  DK is absolutely and
fundamentally flawed.  You should absolutely NOT be trying to implement
a cryptographic solution to the world's most widely and diversely
deployed Internet technology which puts the BURDEN _FULLY_ on the
shoulders of the recipient.

Odd to have everyone looking so intently at it and yet no one other than
John Levine (that I have read) has voiced this concern out loud.  Wonder
how that makes everyone look?

> Why was Rijndael selected over Twofish for AES? A big part of it was
> that Rijndael was faster even though Twofish appears to be stronger.
> In the real world we have to make choices based on factors that may
> not be considered in a perfect world.

This is incorrect.  Twofish is nearly as fast as AES, and much more
secure.  The performance hit is a cost of about 5% to software
implementations because of 1-bit rotations added to the cipher to break
up the byte-aligned structure.  Further, in Twofish these rotations
result in the encryption and decryption algorithms differing, making
implementations more expensive.

Your wording "appears" is quite troubling.  Twofish is a stronger
algorithm, by a long shot.  The most troubling part about AES is its
simplistic algebraic structure, and Schneier and Ferguson are most
certainly not the only ones who have voiced their criticism of this.
Cryptographers have no expertise in this area and what scares me most
about this is its striking resemblance to "Security through
Obscurity"... remember where that gets people?

> I have a feeling that if Rand had used IIM as his example then you
> would have attacked him for not including DK. One of the wonderful
> things about our world is that anyone can write a White Paper. If you
> don't like what Rand wrote then write your own. Then go see if people
> are willing to take the time to read what you wrote.

When you compare the Sendmail white paper to Meng Weng Wong's white
paper, it's like comparing the filthy poor to the filthy rich.  The MAAWG
paper was informative and attempted to provide the reader with a
comprehensive scope as to the goings on in the Industry.

All the Sendmail Inc paper was, was a marketing ploy.  It only speaks of
what it deems suitable, and its very disappointing to see.  Just have a
look on this list and all of the responses to the MAAWG paper vs the
Sendmail paper.  I think I need not state anything further as my point
is provided through the extensive content of late with the subject
"Sendmail White Paper".

Cheers,

James
 

James Couzens,
Programmer
                                                     ( ( (      
      ((__))         __\|/__        __|-|__        '. ___ .'    
       (00)           (o o)          (0~0)        '  (> <) '    
---nn-(o__o)-nn---ooO--(_)--Ooo--ooO--(_)--Ooo---ooO--(_)--Ooo---
http://libspf.org -- ANSI C Sender Policy Framework library
http://libsrs.org -- ANSI C Sender Rewriting Scheme library
-----------------------------------------------------------------
PGP: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x7A7C7DCF
