[Cryptography] When your security is too secure
Jeffrey Goldberg
jeffrey at goldmark.org
Mon Nov 24 05:20:00 EST 2025
On Nov 23, 2025, at 19:40, Peter Gutmann via cryptography <cryptography at metzdowd.com> wrote:
>
> Jon Callas <jon at callas.org> writes:
>
>> There's a classic model of security: confidentiality, integrity, and
>> availability. […] As I get older and more
>> experienced, the more I think that A is more important than C or I.
>
> And I in turn is more important than C: [..]
It isn’t too hard to construct examples for all six possible orderings of importance. I vaguely recall doing so with someone over copious quantities of alcohol at some point. But do don’t recall the actual examples we constructed.
For C > A the examples centered around a personal diary.
For C > I the examples centered around a tryst.
But I do agree with the over all point that people who don’t have a lot of experience with this tend to think primarily about C forgetting about A and not recognizing the importance of I. I lectured one of my wife’s colleagues at a Christmas party last year when they mentioned that they don’t password protect their spreadsheet of Christmas movies. I reminded them that they have a small child and so should be concerned the child might change every recored to “Elmo Saves Christmas”. This year, I expect that even more people at the party will avoid me.
Jeffrey Goldberg
jeffrey at goldmark.org
https://jeffrey.goldmark.org
More information about the cryptography
mailing list