[Cryptography] What is a secure conversation? (Was: online forums...)
Theodore Ts'o
tytso at mit.edu
Fri Dec 27 14:12:18 EST 2013
> > I actually addresses this issue a couple of weeks back as a
> > hypothetical. So let's think about it: Just what *would* a "more
> > secure" version of this discussion (ignoring the actual technology)
> > look like? Keep in mind that, by design, anyone can join by sending
> > a simple request to the moderator. They'll promptly receive copies
> > of all messages. Given this, what's your threat model?
>
>
> WYTM? Then the next step is we list out *all the threats we can
> think of* ... without prejudice.
>
> Later on we do some risk analysis and decide which are serious or not.
I think we should do both steps at the same time. But if you want to
separate them out, that's fine --- but then we shouldn't start
proposing using 4GB worth of memory whenever we need to execute a
string-to-key algorithm, or pursuing other solutions, until *after*
we've done this risk analysis.
Personally, part of talking about listing the threat also includes
doing the risk analysis, because otherwise the list can easily become
unbounded, and because there are people who are overly inclined to
paranoia will start pursuing solutions and demanding that we make
changes to mailing lists, protocols, open source software, etc.,
prematurely. (Having gotten all sorts of demands from really clueless
people about changes that they think I should make to the Linux
/dev/random driver, perhaps I'm a bit more sensitive about this than
others.)
I'm reminded, though, of the theory that one of the reasons why former
Vice President Cheney got so enthusiastic about waterboarding and
torture, and other forms of overkill in the "war on terror" (including
warrantless wiretapping) was because he got unfiltered access to the
list of all "potential threats", before it "is this really a credible
threat" filter had been applied, and this caused his paranoia to race
out of control.
Which is why I'm not all that enthusiastic about people making lists
of random threats, and then seeing people proposing algorithms and
changes, with apparently *no* serious risk analysis taking place.
Regards,
- Ted
More information about the cryptography
mailing list