[Cryptography] safety principles +- security principles

John Denker jsd at av8n.com
Sat Nov 7 11:47:00 EST 2015


On 11/05/2015 06:26 PM, ianG wrote:

> in the information security world, we have dozens or
> even hundreds of tribes touting one view of security in conflict with
> another.  There is no agreement, and there is no easy way to find
> agreement, on what means "Secure" and what means "Insecure".

So far so good...

> In the safety critical world, we have pretty much universal agreement
> on what is an unsafe thing and what is a safe thing.

I disagree almost completely.

I do not recognize any important distinction between 
safety and security.  There are minor differences of
connotation, but the basic idea is the same.

If you think there is "universal agreement" it just
means you haven't looked very closely.  For example, 
on the very same day (11/05/2015) a chemistry professor
was talking about safety.  He said:

>>  What one expert considers to be
>> perfectly safe, another would expunge from the world if they could.

Here's another example, from yet another field where
safety is constantly under consideration, namely 
aviation.  There is nowhere near "universal agreement"
about what's "safe" and what's not.  For example,
consider night VFR:
  a) In Canada it's illegal.  It's considered
   too risky.
  b) In the US, it's perfectly legal.  "Live free or die."
  c) In the US, a lot of pilots won't do it.  "Fly at
   night, file the flight."  I've seen situations where
   this turned out to be spectacularly good policy.

More generally, each pilot has so-called "personal 
minimums" that are stricter than the legal minimums.
This explicitly enshrines the idea that there is no
"universal agreement" and never will be.

Also, there is a well-known story in the crypto
community:  The pointy-haired boss asks "Will it
be secure if we ...."  and the expert answers "No"
without waiting to hear the rest of the question.
The point is, nothing you do will ever be 100%
secure.  The real question is how much risk are
you willing to bear, and how much are you willing
to pay to reduce the risk.

The exact same story is told in every safety-related
field that I know of, including chemical safety,
nuclear safety, aviation safety, etc. etc. etc.

Last but not least, there are many ways in which 
communication security overlaps with operational 
safety.
 -- Huge numbers of lives depend on military crypto.
  This is obvious during wartime.  It is less obvious
  but no less true during times when you didn't think
  there was a war on, e.g.
      https://theintercept.com/2015/10/28/how-one-air-force-captain-saved-the-world-from-accidental-nuclear-war-53-years-ago-today/

 -- There are ways in which hacking aviation data 
  and/or voice communications could lead to tragedy.
  Some of this is obvious, some less so.  As usual,
  life is difficult for the white-hat whistleblower,
  because it is easier to find bugs than to fix them.

 ++ etc. etc. etc.

============

Bottom line: Trying to distinguish safety from security
is a fool's errand.
