[Cryptography] Signal planning to drop support for plaintext SMS
jsd at av8n.com
Mon Oct 31 08:30:24 EDT 2022
On 10/30/22 10:01 AM, Rick Smith wrote:
> I still believe in certain old school crypto principles - in this
> case, keep your red and black separate.
I hate to flaunt my ignorance, but when and where did that
principle originate? I don't recall seeing it in "old school"
sources, such as Kerckhoffs's six principles ... or even in
more modern authoritative sources such as Executive Order
I have some questions about how this separation principle
works in practice:
Does it apply only to apps, or does it also apply to persons?
In particular, suppose I am cleared to look at top secret
documents; does that mean I am not allowed to read unclassified
How am I to understand the provision of EO 13526 that says
"Compilations of items of information that are
individually unclassified may be classified..."
Does this principle mean that I am required to use separate
browsers for HTTPS: and HTTP: urls? What about FILE: urls?
What happens if an HTTPS: page links to an HTTP: page? Or
What happens if there is an explicit decision to declassify
something (perhaps with redactions)?
It seems to me that a certain amount of /judgment/ is required.
Of course, whenever there is judgment, that opens up some
possibility of bad judgment. That's a cost of doing business.
That cost will always be with us.
My point is, using two different apps, as if that were a
substitute for judgment, is a huge step in the wrong direction.
A "principle" that requires two different apps is even worse.
More information about the cryptography