From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 18:36:25 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6FD316A4CE for ; Thu, 3 Mar 2005 18:36:25 +0000 (GMT) Received: from marlena.vvi.at (marlena.vvi.at [208.252.225.59]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6CDE143D2D for ; Thu, 3 Mar 2005 18:36:25 +0000 (GMT) (envelope-from www@marlena.vvi.at) Received: from marlena.vvi.at (localhost.marlena.vvi.at [127.0.0.1]) by marlena.vvi.at (8.12.10/8.12.9) with ESMTP id j22MfCoH085408; Wed, 2 Mar 2005 14:41:14 -0800 (PST) (envelope-from www@marlena.vvi.at) Received: (from www@localhost) by marlena.vvi.at (8.12.10/8.12.10/Submit) id j22Mf6Vt085406; Wed, 2 Mar 2005 14:41:06 -0800 (PST) (envelope-from www) Date: Wed, 2 Mar 2005 14:41:06 -0800 (PST) Message-Id: <200503022241.j22Mf6Vt085406@marlena.vvi.at> To: phk@phk.freebsd.dk From: "ALeine" cc: tech-security@NetBSD.org cc: hackers@freebsd.org cc: cryptography@metzdowd.com cc: tls@rek.tjls.com cc: smb@cs.columbia.edu Subject: Re: FUD about CGD and GBDE X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2005 18:36:25 -0000 Again I was left out of the loop by a certain someone who is not subscribed to hackers@freebsd.org, so I apologize for replying indirectly. phk@phk.freebsd.dk wrote: > In message <20050303165730.8931C3BFDBA@berkshire.machshav.com>, > "Steven M. Bellovin" writes: > > >I don't claim that there's a flaw. I do assert that that I > >haven't seen a threat model that would justify extra complexity. What about the threat model I described in my reply to you: http://docs.FreeBSD.org/cgi/mid.cgi?200503010320.j213KI8U047666 Do not let the 666 at the end scare you. :-) > It is all sounds and true advice about simplicity, but only if we > don't simplify so much that people do not trust the result. > > As Einstein said: "As simple as possible, but no simpler". Exactly, and people should stop trying to apply Occam's razor (the principle of parsimony) in an attempt to justify the simpler approach when the basic premise for it does not even exist. Occam's razor favours the simpler of the numerous explanations/solutions for an observed phenomenon. Here you have two distinct mechanisms that are not the same phenomenon, eventhough data is being encrypted in both cases. Here's an analogy: GBDE is like a jacket with many pockets both on the inside and the outside, with some secret pockets with keys for other locked pockets within pockets. If someone steals you jacket they might be able to pick some pockets, but picking one pocket will not give you the contents of all the other pockets, nor will it give you their location. CGD, on the other hand, is like a large bag, if you manage to get hold of it and open it (the same assumption as in being able to look inside a regular jacket pocket), everything inside it is yours. I prefer jackets, they also keep you warm. Besides, wearing a bag would be silly, but some people might decide it's their style. :-> ALeine ___________________________________________________________________ WebMail FREE http://mail.austrosearch.net