[Cryptography] best practices considered bad term

Kent Borg kentborg at borg.org
Mon Feb 2 20:02:56 EST 2015


On 02/02/2015 07:05 PM, Arnold Reinhold wrote:
> But what is the alternative to best practice recommendations for 
> cybersecurity? Telling every business to hire a consultant? 

Admit we are in a wild-west era--say so--tell businesses that there are 
no magic bullets, they need to be cautious, worried, and skeptical 
buyers. Give us a few decades (!) and things will maybe calm down some.

> Leaving the field to marketing departments with breathless claims of 
> 5000-bit security or trade magazine articles written by writers who 
> know little about the subject?

Promote open source software: cheaper, less need to be 
buzzword-compliant, more hope of being well implemented.

Maybe lobby the US government to understand that the US is arguably the 
most cyber-dependent economy, that more secure computer systems are a 
net gain for the US; that they should quit promoting and cherishing 
vulnerabilities.

There are some standards being developed, for example regarding credit 
card systems; they will continue to evolve as money continues to be 
lost, so stagnation is less a problem there.


But we have had a major revolution in high tech and con men will come to 
these new fertile fields. We are in for some bumpy years here, no matter 
what we say, so let's be honest about that to warn people. Counsel 
caution, maybe not computerize and network everything as fast as 
possible. (Online voting? No! Paper is great stuff.)

-kb, the Kent who drives an extremely manual car, because he knows about 
computers.