[Cryptography] protecting information ... was: we need to protect our dox

Christian Huitema huitema at huitema.net
Thu Nov 10 00:40:47 EST 2016


On Wednesday, November 9, 2016 4:29 PM, Ron Garret wrote:
> On Nov 9, 2016, at 1:41 PM, John Denker <jsd at av8n.com> wrote:
>
>> As part of asking
>>  What's Your Threat Model (WYTM)?
>> we need to ask
>>  What's Your Security Perimeter (WYSP)?
>
> This really needs to be emphasized.  

Well, maybe. But thinking of security in terms of perimeter has its downsides. It is more productive to first look at "what are the assets that you want to protect." Are these documents, email, metadata, connection graphs, etc.? Then, using an architecture diagram, you can look at the various interfaces in the system, and check for each one how they can be abused.

>                   ... I meet people all the time who ask me if I can build them a magic USB 
> dongle that they can plug in to their computer and somehow make it magically secure.  I have to explain
>  to them that the very fact that they are asking this question -- that this possibility is part of their world
>  view -- is a big part of the problem.  Most of them don’t like hearing that.

Yes, people are not always smart. But then, that's what they pay for help, don't they?

-- Christian Huitema