As far as the open/closed source thing goes I was just pointing out that at least half of the OSS crypto things you listed have commercial roots.
Which leaves OSS crypto looking even iffier, as what you actually have is: "OSS crypto is mostly ok when it's implementing things developed in the commercial world." SSH V1 was not terribly good, V2 was much better and was a commercial development.
The Commercial input comment was because I can't now recall the history of IPSec, but AFAIR it borrowed heavily from commercial products such as SunScreen. So yes the final thing is opensource but based on closed source development which leaves GPG as the only "mostly ok" crypto to have actually come from the world of open source, the rest being "OpenSource copies closed source"
Which doesn't hugely support the idea that CSS crypto "sucks much worse for the most part".
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png)
timeasmymeasure
no subject
Date: 2003-09-30 06:34 am (UTC)Which leaves OSS crypto looking even iffier, as what you actually have is:
"OSS crypto is mostly ok when it's implementing things developed in the commercial world."
SSH V1 was not terribly good, V2 was much better and was a commercial development.
The Commercial input comment was because I can't now recall the history of IPSec, but AFAIR it borrowed heavily from commercial products such as SunScreen. So yes the final thing is opensource but based on closed source development which leaves GPG as the only "mostly ok" crypto to have actually come from the world of open source, the rest being "OpenSource copies closed source"
Which doesn't hugely support the idea that CSS crypto "sucks much worse for the most part".