More info in my AES128-CBC question
Steven M. Bellovin
smb at cs.columbia.edu
Sun Apr 22 22:57:40 EDT 2007
On Mon, 23 Apr 2007 09:39:10 +1000
Greg Black <cryptography at mail.gbch.net> wrote:
> On 2007-04-21, David Wagner wrote:
>
> > If you're sick and you go to a doctor, do you tell the doctor "you'd
> > better come up with some very clear arguments if you want me to
> > follow your advice"? Do you tell your doctor "you'd better build a
> > strong case before I will listen to you"? I would hope not. That
> > would be silly.
>
> Not at all. That would be smart. Blind deference to experts, in any
> field, is just plain stupid.
>
> > Doctors are medical professionals with a great deal of training and
> > expertise in the subject. They can speak with authority when it
> > comes to your health. So why do people with no training in
> > security think that they can freely ignore the advice of security
> > professionals without any negative consequences?
>
> Asking the professionals to make a clear case is not the same as
> freely ignoring them. But blindly following those who speak with
> authority leads to all sorts of nonsensical outcomes.
>
> If we are consulting an expert, it behoves us to examine the expert's
> reasoning. If we are the experts, we should expect to have to explain
> ourselves to those who rely on us -- and we should volunteer those
> explanations rather than making people drag them out of us.

Sure -- but remember that in general, *you don't know as much as the
expert*. It's relatively easy to learn the basic facts; however,
learning *judgment* is a lot harder -- and that's what you're really
paying the expert for.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com