[Cryptography] Signal planning to drop support for plaintext SMS

John Denker jsd at av8n.com
Mon Oct 31 08:30:24 EDT 2022

On 10/30/22 10:01 AM, Rick Smith wrote:

> I still believe in certain old school crypto principles - in this
> case, keep your red and black separate. 

I hate to flaunt my ignorance, but when and where did that
principle originate? I don't recall seeing it in "old school"
sources, such as Kerckhoffs's six principles ... or even in
more modern authoritative sources such as Executive Order

I have some questions about how this separation principle
works in practice:

Does it apply only to apps, or does it also apply to persons?
In particular, suppose I am cleared to look at top secret
documents; does that mean I am not allowed to read unclassified

How am I to understand the provision of EO 13526 that says
	"Compilations of items of information that are
	individually unclassified may be classified..."

Does this principle mean that I am required to use separate
browsers for HTTPS: and HTTP: urls? What about FILE: urls?
What happens if an HTTPS: page links to an HTTP: page? Or
vice versa?

What happens if there is an explicit decision to declassify
something (perhaps with redactions)?


It seems to me that a certain amount of /judgment/ is required.
Of course, whenever there is judgment, that opens up some
possibility of bad judgment. That's a cost of doing business.
That cost will always be with us.

My point is, using two different apps, as if that were a
substitute for judgment, is a huge step in the wrong direction.

A "principle" that requires two different apps is even worse.

More information about the cryptography mailing list