[Cryptography] SMoP versus wisdom and judgment

John Denker jsd at av8n.com
Wed Nov 9 13:07:40 EST 2016 

On 11/05/2016 07:35 AM, Phillip Hallam-Baker wrote:

> Tell the computer what to do, not the user. Any set of user instructions
> can be reduced to code.

That's quite an overstatement.  Sometimes users are instructed
to exercise judgment.  That cannot be reduced to code.

We agree it is a SMoP to get the computer to /implement/ policy ...
but some wise person has to /design/ the policy beforehand.

Once upon a time my research department brought in an expert from
one of the front-line business units, on temporary assignment,
to give some real-world grounding to our work.  I asked her what
was the right thing to do in such-and-such situation.  She replied
by quoting corporate policy.  I explained that I already knew
what the policy book said, but our job was to /design/ policy,
so the question remained:  what was the right thing to do.  She
repeated her previous woefully-unwise answer.

Here's a large family of additional examples:  Oftentimes you
can't use a secret weapon without revealing it, so there is a
tradeoff:  the value of the secret versus the value of actual
use.  The same idea extends to the metaphorical weapons of
cryptanalysis and espionage, where there is a tradeoff, namely
exploiting the information versus protecting the sources and
methods.

It is a SMoP to get a computer to make the decision, but this
does not solve the judgment problem;  it just throws it over the
fence into the domain of the guy who writes the specifications
and/or writes the code.

We agree that sometimes the machine is in complete control of
the process, and the user is nothing but a meat robot ("would
you like fries with that?") ... but OTOH there still remain a
lot of situations where the machine serves the user, not the
other way around.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161109/36f5b589/attachment.sig>

More information about the cryptography mailing list