[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Vertical vs. Horizontal Crypto (was: RE: propose: `cypherpunks license' (Re: Wanted: Twofish source code))

> Lucky Green writes:
>Cyphpunks believe that more strong crypto is better.

And this holds true for vertical as well as horizontal applications.  Unlike
Mr. Stallman, I think that there is a case where closed-source software is
appropriate, and that case is vertical applications.  Just as I wouldn't
propose that TCE release the source code for our devices (RCA TVs, ProScan
VCRs, etc.), as the intellectual return on the release would be low (how
many people are going to write low-level software for their own TVs?), I
think it is also inappropriate for other vertical-market applications
(another example: book library maintenance software).

However, some of the bad effects of closed-source crypto can be countered by
the use of open crypto protocols, like TLS/SSL, OpenPGP, IPSec, and the
like.  Although this still won't protect against all attempts at getting
around the security of the crypto protocol, at least some crypto protocols
are pretty immune to these kinds of attacks -- for example, a PC web browser
talking to a set-top box using TLS should only be able to be subverted by
the set-top box itself, not by a third party through a hole in the protocol.

I'm somewhat surprised that no one has brought this (open crypto protocols)
up in the discussion before.  (Could it be that I had an original idea?
Mark Leighton Fisher          Thomson Consumer Electronics
[email protected]          Indianapolis, IN
"Their walls are built of cannon balls, their motto is
'Don't Tread on Me'"