Interesting People mailing list archives

more on A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security?

From: David Farber <dave () farber net>
Date: Thu, 09 Sep 2004 08:36:25 -0400



Begin forwarded message:

From: David Byrden <David () Byrden com>
Date: September 9, 2004 4:22:14 AM EDT
To: dave () farber net

Subject: Re: [IP] A Model for when Disclosure Helps Security: What IsDifferent About Computer and Network Security?



Dave:

The article referred by Monty Solomon states that
"disclosure cannot both help and hurt security".

But the implicit assumption that 'disclosure' would cover
every last detail, is an unhelpful oversimplification.

Proponents of disclosure do not recommend disclosing
*everything* - as an obvious example, they do not want to
disclose the secrets which the security system is meant
to protect. As a more pertinent example, it is often recommended
to disclose the algorithm of an encryption system, but *not*
the keys that are used for a particular session.

                                                David

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Current thread:

more on A Model for when Disclosure Helps Security: What Is Different About Computer and Network Security? David Farber (Sep 09)