From: "steven ryan" <sryan@reading.com>
Date: Mon, 23 Sep 1996 12:19:05 +0800
To: cypherpunks@toad.com
Subject: Re: Snake-Oil FAQ
Message-ID: <3.0b15.32.19960922214147.00551e40@reading.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:27 AM 9/22/96 -0700, you wrote:
>My view is that people interested in buying and using crypto are either
>bright enough to learn, or are not. A "Snake Oil FAQ" is largely
>unnecessary, for either category. For the first, because they're bright.
>For the second, because they're not.

My view is that there is a large third group of people who are bright
enough to learn, but don't have the time or inclination to read books or do
extensive research on the subject. There are a lot of people using PGP for
the wrong reason, not because they read the books or did the research. Nor
do they even understand how it works as opposed to how it is used. They are
using it because they cruised the net and read good things about it or
heard it was cool. 

A Snake Oil Faq could help prevent these people from choosing  wrong
products. It would also be very helpful to have all the arguments in one
place in one concise faq. Before I joined this list and read Applied
Cryptography I was in a discussion in a previous job about securing one of
our products. The programmer wanted to protect the key with a convoluted
series of transpositions. I knew it was dumb but couldn't successfully
argue the point why. A faq would have been helpful.

There a lot of people with a casual interest in crypto who will remember
that there is a faq on bad crypto. When the time comes they may be able to
use those arguments to help avoid the use of bad crypto.

Steven 

------------------------------------
Steven Ryan - Reading Access - sryan@reading.com
PGP Fingerprint: E8 A2 C5 A2  7A C4 77 93  0A 1B 1D C6  B9 2F 36 9B
Finger me for my PGP public key