CIA - the cryptographer's intelligent aid?

[Ian Grigg]

Richard Johnson wrote:
> 
> On Sun, Dec 21, 2003 at 09:45:54AM -0700, Anne & Lynn Wheeler wrote:
> > note, however, when I did reference PAIN as (one possible) security
> > taxonomy .... i tended to skip over the term non-repudiation and primarily
> > made references to privacy, authentication, and integrity.
> 
> In my eperience, the terminology has more often been "confidentiality,
> integrity, and authentication".  Call it CIA if you need an acronym easy
> to memorize, if only due to its ironic similarity with that for the name of
> a certain US government agency. :-)


I would agree that CIA reins supreme.  It's easy to
remember, and easy to teach.  It covers the basic
crypto techniques, those that we are sure about and
can be crafted simply with primitives.

CIA doesn't overreach itself.  CAIN, by introducing
non-repudiation, brings in a complex multilayer
function that leads people down the wrong track.

PAIN is worse, as it introduces Privacy instead of
Confidentiality.  The former is a higher level term
that implies application requirements, arguably, not
a crypto term at all.  At least with Confidentiality
it is possible to focus on packets and connections
and events as being confidential at some point in
time; but with Privacy, we are launched out of basic
crypto and protocols into the realm of applications.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com