[Cryptography] SMoP versus wisdom and judgment
John Denker
jsd at av8n.com
Wed Nov 9 13:07:40 EST 2016
On 11/05/2016 07:35 AM, Phillip Hallam-Baker wrote:
> Tell the computer what to do, not the user. Any set of user instructions
> can be reduced to code.
That's quite an overstatement. Sometimes users are instructed
to exercise judgment. That cannot be reduced to code.
We agree it is a SMoP to get the computer to /implement/ policy ...
but some wise person has to /design/ the policy beforehand.
Once upon a time my research department brought in an expert from
one of the front-line business units, on temporary assignment,
to give some real-world grounding to our work. I asked her what
was the right thing to do in such-and-such situation. She replied
by quoting corporate policy. I explained that I already knew
what the policy book said, but our job was to /design/ policy,
so the question remained: what was the right thing to do. She
repeated her previous woefully-unwise answer.
Here's a large family of additional examples: Oftentimes you
can't use a secret weapon without revealing it, so there is a
tradeoff: the value of the secret versus the value of actual
use. The same idea extends to the metaphorical weapons of
cryptanalysis and espionage, where there is a tradeoff, namely
exploiting the information versus protecting the sources and
methods.
It is a SMoP to get a computer to make the decision, but this
does not solve the judgment problem; it just throws it over the
fence into the domain of the guy who writes the specifications
and/or writes the code.
We agree that sometimes the machine is in complete control of
the process, and the user is nothing but a meat robot ("would
you like fries with that?") ... but OTOH there still remain a
lot of situations where the machine serves the user, not the
other way around.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161109/36f5b589/attachment.sig>
More information about the cryptography
mailing list