Re: ArcotSign (was Re: Does security depend on hardware?)

[bram <bram@gawth.com>]

On Wed, 23 Sep 1998, Bruce Schneier wrote:

> Sorry.  I am under NDA.  Hopefully Arcot will explain sooner rather than
> later. I suggest not using the product until you are satisfied.

I'd say the following has been well established by now - 

- The people at ArcotSign are not completely clueless

- They're doing things in a possibly sub-optimal way as far as publically
explaining their algorithms, but this is a decision on their part, it's
not that they don't have reasonable algorithms to back things up

- They're not releasing due to being afraid of people copying their
product before they've gotten sufficiently far in development/achieved
some market penetration. Those of you who don't work at startups might not
be familiar with this sort of thinking, but it's completely reasonable -
if you go around telling everybody all the little details of how to make
things work, some large company might make a very quick bastardized
version and throw lots of marketing oomph behind it.

- Their marketing materials are a bit misleading. This they can reasonably
be faulted for.

In short, at worst it's a poor product, but not 'snake-oil'. I have no
idea whether it's a *good* product, since I've never looked at it, but for
all I know it might be the greatest thing since sliced bread.

I think that pretty much sums up everything there is to currently say on
the subject, until ArcotSign releases more details.

-Bram

(Who isn't talking about what he's working on until the official release
of a reasonably well fleshed-out product comes out.)