[Cryptography] When your security is too secure

Jon Callas jon at callas.org
Tue Nov 25 01:27:49 EST 2025 


> On Nov 24, 2025, at 02:20, Jeffrey Goldberg <jeffrey at goldmark.org> wrote:
> 
> 
> It isn’t too hard to construct examples for all six possible orderings of importance. I vaguely recall doing so with someone over copious quantities of alcohol at some point. But do don’t recall the actual examples we constructed.
> 
> For C > A the examples centered around a personal diary.
> 
> For C > I the examples centered around a tryst. 
> 
> But I do agree with the over all point that people who don’t have a lot of experience with this tend to think primarily about C forgetting about A and not recognizing the importance of I. I lectured one of my wife’s colleagues at a Christmas party last year when they mentioned that they don’t password protect their spreadsheet of Christmas movies. I reminded them that they have a small child and so should be concerned the child might change every recored to “Elmo Saves Christmas”.  This year, I expect that even more people at the party will avoid me.

The examples have problems in their explanatory merit.

Consider a diary. Maybe C > A, in the sense that I have to unlock the diary before I can write it in. At the same time, a diary is some combination of the writer talking to themselves and the writer talking to posterity. (As an aside that illustrates a bit of this, in the late 19th century in the US, it was a considered a 5th amendment violation for the government to read someone's diary. The rationale was that a diary was a person's inner-most thoughts, so reading a diary was breaking into that which is the person themselves. As I vaguely remember, it's an interesting digression in Gray's "The Fourth Amendment in an Age of Surveillance."

An old friend of mine's father was a government scientist in the Cold War, and in a fit of pique he invented a thing that was basically a metal box with a letter-sizer aperture into a spool of paper. As the writer wrote, their writings went into the locked box, where they no longer had access to them. This was so someone could write about things that they did not have clearance to know, and after they wrote words, they'd be locked away so they could not see the things they didn't have clearance to know. It was, of course, a grand joke, and part of the joke was that he filed a patent for this.

If we say that with a diary that C > A, then we're flirting with this idea of thinking thoughts one is not allowed to think. Yes, a person's diary is confidential, but it is confidential because it is their innermost, unvarnished thoughts. (And again, there's also this sub rosa audience of Posterity. Part of the point of a diary is that your grandchildren will read your salty words about your mother, and that is part of the catharsis.) There's also an old Lincoln anecdote where he encourages someone to write their unvarnished criticism, and rewrite it several times until there's no varnish. Then you burn the letter. This isn't even the dilemma of burning before or after reading, that John Levine and I danced about -- it's burn before sending, and I think that part of the joke goes back to the idea that Availabily is more powerful than anything else. You burn it before sending because Availability is so powerful you just want to vent.

There's no point to a diary with no availability; it's just ranting at the mirror. Also, of course one wants to rant at the mirror with confidentiality, too. You don't want people overhearing your unvarnished thoughts said to the mirror. 

My old logic professor had a quip that while all sets *can* be well-ordered (that's the Axiom of Choice), not every set *should* be well-ordered. The charm of the game of rochambeau (rock, paper, scissors) is that it is not a well-ordering. Every member of the set is greater than and less than some other member of the set.

Above I used the term "sine qua non," Latin for "without this, there's nothing" is that this is not transitive, nor linear, nor even a ring. We cryptographers focus on C and drag I around, too, because those are interesting, difficult, but solvable. Tacitly is a lot of what we talk about is the idea (particularly in communication security) that if a message has been lost, it can be resent. We don't deal often with the extreme A scenario where the message must get through, no matter what, and everything else is secondary. A drags along I, because an error is also a loss of A, and C is really really nice to have, but if losing C means losing A, then I will do without C. 

	Jon

More information about the cryptography mailing list