lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald) Subject: Response to comments on Security and Obscurity yaakov yehudi wrote: >A firewall is more akin to a specialized filter medium, but filter mediums aren't used as the entrance or exit to a military base. > >It is probably possible to find analogies between the information security world and physical - but only on a piecemeal basis, and that is simply irrelevant and pointless. > >Peter might be much better to concentrate on the realities and forget about straw-man analogies. What do you think? > > > > I... tend to agree. It's a difficult question because analogies are useful if the person reading the paper has no point to base their opinion off of. However, I see two problems with this: 1) Perhaps a paper of this type shouldn't be considered introductory material. Perhaps the knowledge of the system should be a pre-requisite for reading the paper. Familiarity with the topics should be assumed. Discerning between the advantages and disadvantages between disclosure and secrecy isn't a small or simple thing and perhaps people without that level of familiarity, shouldn't venture directly down that path. 2) The above is especially true in the case of influence of public policy. If person shaping public policy is basing their opinion off of a (most likely defunct) analogy, we have a major problem. As I'm sure Peter is aware, this is probably more often than not, the rule in the shaping of public policy. It reminds me of the scene in Fahrenheit 9/11 where they were discussing the fact that the Patriot Act was passed without a single legislator reading it. This scares me a lot. Of course, this increases the need for simplification of the issues so that legislators can at least vote with a modicum of knowledge on a subject, but thus begins the cycle... Perhaps a series of papers is more appropriate, starting with an in-depth understanding of the ideologies from the ground level? -Barry
Powered by blists - more mailing lists