Open Source and information security mailing list archives
From: jftucker at gmail.com (James Tucker)
Subject: Response to comments on Security and Obscurity

On Thu, 02 Sep 2004 10:02:12 -0400, Barry Fitzgerald
<bkfsec@....lonestar.org> wrote:
> I... tend to agree.  It's a difficult question because analogies are
> useful if the person reading the paper has no point to base their
> opinion off of.  However, I see two problems with this:
> 
> 1) Perhaps a paper of this type shouldn't be considered introductory
> material.  Perhaps the knowledge of the system should be a pre-requisite
> for reading the paper.  Familiarity with the topics should be assumed.
> Discerning between the advantages and disadvantages between disclosure
> and secrecy isn't a small or simple thing and perhaps people without
> that level of familiarity, shouldn't venture directly down that path.
> 
> 2) The above is especially true in the case of influence of public
> policy.  If a person shaping public policy is basing their opinion off of
> a (most likely defunct) analogy, we have a major problem.  As I'm sure
> Peter is aware, this is probably more often than not, the rule in the
> shaping of public policy.  It reminds me of the scene in Fahrenheit 9/11
> where they were discussing the fact that the Patriot Act was passed
> without a single legislator reading it.  This scares me a lot.  Of
> course, this increases the need for simplification of the issues so that
> legislators can at least vote with a modicum of knowledge on a subject,
> but thus begins the cycle...
> 
> Perhaps a series of papers is more appropriate, starting with an
> in-depth understanding of the ideologies from the ground level?

I agree.

