| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040901194659.GI4564@hyper>
From: gadgeteer at elegantinnovations.org (gadgeteer@...gantinnovations.org)
Subject: Re: Response to comments on Security and Obscurity
On Wed, Sep 01, 2004 at 11:27:17AM -0400, Peter Swire (peter@...erswire.net) wrote:
> Some responses to the first morning worth of comments. A big reason for
> posting the paper to Full Disclosure was to make the paper less stupid -- to
> learn from the list. I've been working on this topic since I left the White
> House in early 2001, where I worked on privacy and computer security issues
> including the Federal Intrusion Detection Network, etc. A 2001 version of
> the paper needed a lot of work, and is still on the publications page of my
> web site as a work in progress ("What Should be Hidden or Open in Computer
> Security?"). I've presented this stuff quite a few times in front of
> technical audiences since, and continue to seek to improve it. I continue
> to think that this is an important topic -- for computer security and
> Homeland Security and physical security (especially after all the
> pro-secrecy actions since 9/11), when is secrecy at all justifiable, and
> when instead does it lead to bad security in addition to bad accountability?
Ah... Well, we all have day jobs. :-)
If your opinions have as wide an impact as the paragraph above would
indicate. A more practical and serious critique is called for.
I'm on my way out the door to a meeting in another town so I will have
to get back to you later on this.
cheers,
--
Chief Gadgeteer
Elegant Innovations
Powered by blists - more mailing lists